Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-25 Thread Thomas Goirand 
On 01/24/2016 01:32 PM, Ian Cordasco wrote:
> Hi Thomas,
> 
> Requests has a policy of only supporting one version of urllib3. As
> such, Debian attempting to be less restrictive will result in Debian
> having to carry patches for those versions of urllib3 which Requests
> will not support. The Requests project has already made accommodations
> with Debian and Fedora to only use versions of urllib3 that have been
> released.
> 
> If you'd like to develop patches to make backporting requests without
> backporting the necessary version of urllib3, that's fine. I don't
> think there should be a policy of carrying unnecessary unsupported
> patches that will likely cause more bug reports than not.
> 
> Cheers,
> Ian

Ian,

Just to make sure you got it, if we write:

Depends: python-urllib3 (>= 1.13.1-1~), python-urllib3 (<< 1.13.2)

it means that effectively, only version 1.13.1 will be installed.
Anything higher or lower will not be accepted. So my proposal doesn't
break your rule, it just allows to use multiple debian revision, and
allows backporting to previous Debian (or Ubuntu) releases.

By the way, what I wrote wasn't perfect, we could/should even write:
Depends: python-urllib3 (>= 1.13.1), python-urllib3 (<< 1.13.2)

and we shouldn't even care about the Debian part of the version.

Cheers,

Thomas Goirand (zigo)

Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-24 Thread Daniele Tricoli 
On Sunday, January 24, 2016 12:13:38 PM Daniele Tricoli wrote:
> So, an upload of urllib3 1.13.1-2 (note the Debian revision bump) 
> will be fine. Right now it's not.

It's better I clarify more:
s/will be fine/will not need a new upload of requests/.

-- 
 Daniele Tricoli 'eriol'
 https://mornie.org

signature.asc
Description: This is a digitally signed message part.

Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-24 Thread Daniele Tricoli 
Hello all,

On Sunday, January 24, 2016 12:28:37 PM Thomas Goirand wrote:
> python-requests (build-)dependencies on urllib3 are too restrictive, in a
> way which doesn't allow backporting without tweaking (build-)dependencies.

Yes I realized that myself, but James Page already reported this issue on 
#809485.
It was not fixed before only because James did not need the fix immediately.

I consider this new report as a increased priority so I'm merging this bug 
with the original one and fixing this now. :)

@Ian: Thomas and Brian are right saying I was to restrictive, I realized that 
myself (see #809485), this change will allow to have a strict versioned 
dependency between requests and urllib3 upstream version leaving out Debian 
revisions. So, an upload of urllib3 1.13.1-2 (note the Debian revision bump) 
will be fine. Right now it's not. As I said in #809485 it was not fixed 
immediately because it was not so urgent at that time.

Regards,

-- 
 Daniele Tricoli 'eriol'
 https://mornie.org

signature.asc
Description: This is a digitally signed message part.

Bug#812465: [Python-modules-team] Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Brian May 
Ian Cordasco  writes:

> If you'd like to develop patches to make backporting requests without
> backporting the necessary version of urllib3, that's fine. I don't
> think there should be a policy of carrying unnecessary unsupported
> patches that will likely cause more bug reports than not.

To expand on my previous email, the backports version would be
1.13.1-1~bpo8+1

However debian/control specifies python-urllib3 (= 1.13.1-1); this will
not allow the backported version to work.

Changing this in debian/control as suggested has no impact on the
upstream policy, nor does it require maintaing patches.
-- 
Brian May

Bug#812465: [Python-modules-team] Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Ian Cordasco 
On Jan 23, 2016 11:54 PM, "Brian May"  wrote:
>
> Ian Cordasco  writes:
>
> > If you'd like to develop patches to make backporting requests without
> > backporting the necessary version of urllib3, that's fine. I don't
> > think there should be a policy of carrying unnecessary unsupported
> > patches that will likely cause more bug reports than not.
>
> You do realize this isn't a upstream change that is being proprosed,
> just a small change to debian/control that will not have any impact for
> unstable, testing or stable?

Requests integrates tightly with urllib3. Trying to use an older version of
the dependency (or a newer version) can wreak havoc. Try using requests
2.2.1 and urllib3 1.10 or 1.11. The right constraint is necessary to
prevent Debian from needing to carry patches for compatibility. Upstream
will not support anything for users that violates the existing restrictions.

Bug#812465: [Python-modules-team] Bug#812465: Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Brian May 
Ian Cordasco  writes:

> Requests integrates tightly with urllib3. Trying to use an older version of
> the dependency (or a newer version) can wreak havoc. Try using requests
> 2.2.1 and urllib3 1.10 or 1.11. The right constraint is necessary to
> prevent Debian from needing to carry patches for compatibility. Upstream
> will not support anything for users that violates the existing restrictions.

Better read that request again.

There was nothing I saw about using it with an older upstream version of
urllib3.
-- 
Brian May

Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Thomas Goirand 
Package: python-requests
Version: 2.9.1-1
Severity: normal

Hi there,

python-requests (build-)dependencies on urllib3 are too restrictive, in a
way which doesn't allow backporting without tweaking (build-)dependencies.

Instead of writing something like this:
python-urllib3 (= 1.13.1-1)

please write something like this:
python-urllib3 (>= 1.13.1-1~), python-urllib3 (<< 1.13.2)

so that we don't need to "fix" the dependencies when doing a backport.
Please note that the fact requests is already maintained or not within
the official Jessie backports isn't relevant. Here, I needed to do
backports to Trusty, and one may want to backport to another derivative
of Debian.

Cheers,

Thomas Goirand (zigo)

Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Ian Cordasco 
Hi Thomas,

Requests has a policy of only supporting one version of urllib3. As
such, Debian attempting to be less restrictive will result in Debian
having to carry patches for those versions of urllib3 which Requests
will not support. The Requests project has already made accommodations
with Debian and Fedora to only use versions of urllib3 that have been
released.

If you'd like to develop patches to make backporting requests without
backporting the necessary version of urllib3, that's fine. I don't
think there should be a policy of carrying unnecessary unsupported
patches that will likely cause more bug reports than not.

Cheers,
Ian

Bug#812465: [Python-modules-team] Bug#812465: Please do not be so restrictive with versions of urllib3

2016-01-23 Thread Brian May 
Ian Cordasco  writes:

> If you'd like to develop patches to make backporting requests without
> backporting the necessary version of urllib3, that's fine. I don't
> think there should be a policy of carrying unnecessary unsupported
> patches that will likely cause more bug reports than not.

You do realize this isn't a upstream change that is being proprosed,
just a small change to debian/control that will not have any impact for
unstable, testing or stable?
-- 
Brian May