On 2014-10-01 16:04:37 -0007 (-0007), Joshua Harlow wrote:
> Thanks for finding this one (it'd be nice for some gate job to run
> in 'strict' requirements mode which tests the lower bounds of the
> requirements repo somehow, since with things like kombu>=2.5.0
> this will always pull in the newest and everything will look fine,
> it'd be neat if somehow we could turn all '>=' to '==' in one gate
> job somehow)...

This has been suggested before, and can be implemented in the magical land of fairies and elves where pip has an actual dependency solver... ;)

Snarkiness aside, pip just installs what you ask it to install, in sequence. Transitive dependencies which conflict with your dependencies don't cause an installation failure, they just override you. So you can force things from >= to == all you like, but in many, many cases it won't prevent you from winding up with newer versions of libraries than you asked for.

One alternative would be to hack an --always-lowest option into a new version of pip, which would cause it to always choose the lowest match for any declared range rather than the highest. Though I expect this would break horribly as we've no doubt got unversioned transitive dependencies (so not under our control, unlike direct dependencies) where the earliest releases were unusable.
-- 
Jeremy Stanley

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
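
A toy model of the behaviour discussed in the message above, added here as an illustration; it is not pip's code and not part of the original thread. The package index is constructed: only the name kombu and the bound 2.5.0 come from the thread, while libfoo, libbar, their versions and the `lowest` switch (standing in for the proposed --always-lowest) are assumptions.

```python
import re

# Constructed toy index (package -> version -> its requirements). Only the
# name kombu and the bound 2.5.0 come from the thread; the rest is hypothetical.
INDEX = {
    "kombu": {"2.5.0": [], "3.0.0": []},
    "libfoo": {"1.0": ["kombu>=3.0.0", "libbar"]},
    "libbar": {"0.0.1": [], "1.2": []},
}
REQ = re.compile(r"^([A-Za-z0-9_.-]+?)\s*(?:(>=|==)\s*([0-9.]+))?$")

def vkey(version):
    return tuple(int(part) for part in version.split("."))

def parse(req):
    match = REQ.match(req.strip())
    if not match:
        raise ValueError(f"unsupported requirement: {req!r}")
    return match.groups()  # (name, op or None, version or None)

def pin_lower_bounds(lines):
    """The '>=' to '==' rewrite proposed in the quoted message."""
    pinned = []
    for line in lines:
        name, op, ver = parse(line)
        pinned.append(f"{name}=={ver}" if op == ">=" else line)
    return pinned

def matches(version, op, ver):
    if op is None:
        return True
    return vkey(version) == vkey(ver) if op == "==" else vkey(version) >= vkey(ver)

def sequential_install(requirements, lowest=False):
    """No solver: handle requirements in order; a later requirement that the
    installed version fails simply replaces it. lowest=True models the
    hypothetical --always-lowest option from the reply."""
    installed, queue = {}, list(requirements)
    while queue:
        name, op, ver = parse(queue.pop(0))
        if name in installed and matches(installed[name], op, ver):
            continue
        candidates = sorted((v for v in INDEX[name] if matches(v, op, ver)), key=vkey)
        if not candidates:
            raise LookupError(f"no release of {name} satisfies {op}{ver}")
        installed[name] = candidates[0] if lowest else candidates[-1]
        queue.extend(INDEX[name][installed[name]])
    return installed
```

In this model the kombu==2.5.0 pin is replaced by 3.0.0 once libfoo's own requirement is processed, and lowest=True selects libbar 0.0.1, the kind of early release the reply expects to be unusable.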