-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philipp von Weitershausen wrote: > Tres Seaver wrote: >> Log message for revision 89399: >> Pin / fix up dependencies based on comparison with monolith. >> > > Thanks for picking this up! > > I do, however, strongly object to pinning versions of dependencies in > setup.py like this. What's the point of eggifying Zope 2 in the first > place then if not for the ability to upgrade individual libraries to > newer versions with bugfixes or features? > > Instead of pinning versions in setup.py, we should rather include a list > of known-good versions, or even better, add the Zope 2 eggs to the Zope > KGS. That way, by default, you'd get the known good set but you could > deviate from it as necessary. More importantly, by having one good set > (instead of a setup.py here, a versions.cfg there and another list > somewhere else), the KGS becomes much easier to maintain.
I am uninterested in making the Z2 eggs depend on a KGS / index which is not managed specifically for the benefit of the corresponding Zope2 version: there is zero chance that such a KGS will be truly "known good" for a configuration which its managers don't test or run. This is no A better fix would be to run a set of indexes for the Z2 eggs, e.g.: http://download.zope.org/distribution/Zope-2.11.1/index/simple would contain *only* the egg versions which shipped with Zope 2.11.1 (the versions currently pinneed in setup.py). Note that I have already put this index up, with the "pinned" version of the Zope-2.11.1 sdist. Another index, e.g.:: http://download.zope.org/distribution/Zope-2.11/index/simple would contain the same eggs, plus updated versions known to work with Zope 2.11.x. Users who wanted to deploy exactly 2.11.1 would use the first index; those who wanted to do updates would use the second. Buildout users would need to write recipes which were able to use different indexes for different eggs, if they needed eggs not in the "Z2 KGS" index. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIme/i+gerLs4ltQ4RAk2HAKC4tGZr8EwNlopQcK6l88jcyHvO7wCgpkY5 7k1Wn1P0HfZbEiCl6r3+x2M= =MX2E -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
