Woops I misunderstood the original idea. YPlan's *pip-lock* isn't for checking if the packages are the latest versions as on PyPI, it just checks the current virtualenv is in sync with the requirements.txt file(s) that define it - e.g. if a developer adds a new dependency, the rest of the team need to install it. For us this boils down to a vagrant provision, so that's what the message says.
I agree, requires.io is a nice service for this. On 16 January 2017 at 14:18, James Bennett <[email protected]> wrote: > On Mon, Jan 16, 2017 at 4:47 AM, Adam Johnson <[email protected]> wrote: > >> We implemented something similar at YPlan but discovered that it wasn't a >> good idea as a system check, because if a dependency changes from another >> devs work then often Django can't even start and run the system check. >> Especially a problem when upgrading Django itself! Instead we implemented >> it as a function that runs in manage.py before Django is even loaded. >> > > On top of this, a cleaner solution is to use a monitoring service (like > https://requires.io/) to keep track of dependencies and get notified of > issues (especially useful since those services can break down issues like > "this is out of date" versus "this has known security issues"). > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit https://groups.google.com/d/ms > gid/django-developers/CAL13Cg9cqjBa_kyncL-jjOCk57iLbHyV6e7Ae > fyQTwccQhyQSA%40mail.gmail.com > <https://groups.google.com/d/msgid/django-developers/CAL13Cg9cqjBa_kyncL-jjOCk57iLbHyV6e7AefyQTwccQhyQSA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM1tyPmM7C4n85a7CUmxLskn_tP8NY5C6vLKrO25oZjbJA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
