On Thu, Jul 02, 2015 at 09:22:03PM +0100, Dave Walker wrote: > On 29 June 2015 at 04:59, Robert Collins <[email protected]> wrote: > > Hi, so we're nearly ready to deprecate the python-version-specific > > requirements files. Once we have infra's requirements cross checking > > jobs all copacetic again, we should be able to move forward. > > > > There isn't a specific spec for this in pbr, and I wanted to get some > > broad input into the manner of the deprecation. > <SNIP> > > Slightly offtopic, but I've noticed that some consumers of bandit[0] > have been creating requirements-bandit.txt. This is to specify bandit > requirements without requiring the whole test-requirements.txt env to > be installed, to run what is essentially a linting tool. > > I'm not sure I like the idea of creating MORE requirements.txt style > files as it pollutes the project root namespace and currently has no > syncing from global-requirements. > > I wondered if you had any ideas on how to solve this for bandit usage, > and potentially other projects?
I would use setuptools extras to do this.[1] PBR has support for this since the 1.0.0 release. [2] I used it on subunit2sql to separate the fairly heavyweight requirements for using the graph command from the rest of the dependencies. [3] -Matt Treinish > > [0] https://wiki.openstack.org/wiki/Security/Projects/Bandit > [1] https://www.python.org/dev/peps/pep-0426/#extras-optional-dependencies [2] http://docs.openstack.org/developer/pbr/#extra-requirements [3] https://review.openstack.org/#/c/184278/
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
