On 3 July 2015 at 08:22, Dave Walker <[email protected]> wrote: > On 29 June 2015 at 04:59, Robert Collins <[email protected]> wrote: >> Hi, so we're nearly ready to deprecate the python-version-specific >> requirements files. Once we have infra's requirements cross checking >> jobs all copacetic again, we should be able to move forward. >> >> There isn't a specific spec for this in pbr, and I wanted to get some >> broad input into the manner of the deprecation. > <SNIP> > > Slightly offtopic, but I've noticed that some consumers of bandit[0] > have been creating requirements-bandit.txt. This is to specify bandit > requirements without requiring the whole test-requirements.txt env to > be installed, to run what is essentially a linting tool.
Well, this doesn't really make sense to me. making a new virtualenv with tools like that is a few seconds (after the first warm-up time), and the virtualenvs persist. For CI, its not the bottleneck and thus perf is irrelevant. > I'm not sure I like the idea of creating MORE requirements.txt style > files as it pollutes the project root namespace and currently has no > syncing from global-requirements. > > I wondered if you had any ideas on how to solve this for bandit usage, > and potentially other projects? > > [0] https://wiki.openstack.org/wiki/Security/Projects/Bandit Its feasible to use extras for this, but I wouldn't. requirements-bandit.txt is definitely a problem though as its not synced, not linted, and not cross-checked. So my recommendations are: 1) test-requirements. Thats what its there for. 2) extras if that reallllly is an issue. Also if doing this help everyone by documenting where the issue is. -Rob -- Robert Collins <[email protected]> Distinguished Technologist HP Converged Cloud __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
