On 5/1/2024 23:45, Clemens Lang wrote:
For reasons I don't understand, borgbackup wants to allow-list every new version of the msgpack library manually, so every update of the msgpack library breaks borgbackup.
It's likely because many python module projects have a culture of very poor backward compatibility practices. Interfaces change in incompatible ways all the time, often without the compatibility break being documented. I would assume a past minor version increase of msgpack broke borgbackup, which created a support burden for them, so now they pin the version.
This is bad for basically everyone, because client projects stick with old versions with old bugs out of caution even when newer ones would work fine (as in this case), it creates extra work when they do update, and it's really easy to get into situations with diamond dependencies where conflicting versions of the same module are required. This one issue is largely responsible for the need to have a separate venv for every project, each with identical or only slightly different copies of many of the dependencies.
And unfortunately, this is a social issue with no easy fix. :( - Josh
