Follow-up Comment #5, bug #46996 (project health):

Hi! It is not that simple. In the case of vobject, there was an issue with PyPI and the package update, resulting in the hiding of the latest version. So if we had not set the exact version, and had just used the name of the package as you suggest, it would have installed an obsolete 0.6.6 instead of 0.8.2. That would have resulted in a broken system.

Moreover, new versions also introduce bugs, so that's why we test the dependencies and general functioning for a specific dependency version for a while before releasing the stable GNU Health version. In addition, on PyPI there is no clear package numbering model (each package maintainer can choose the naming convention they want), which makes it problematic to just choose the latest patchset.

Because of that, the updated gnuhealth-setup includes the latest changes on the dependencies. At this point, the number of dependencies is limited (16), so it's feasible. For Tryton and GNU Health modules, the GNU Health control update system checks and installs the latest patchlevel in both cases.

For the running system, we can send security advisories on updating specific Python packages, PostgreSQL and other components when required. That would be done by the GNU Health security team. Anyone who wants to become a member of this important task is most welcome, knowing though the responsibility and commitment associated with it.

_______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?46996>