-----BEGIN PGP SIGNED MESSAGE-----
Philipp von Weitershausen wrote:
> Tres Seaver wrote:
>> Log message for revision 89399:
>> Pin / fix up dependencies based on comparison with monolith.
> Thanks for picking this up!
> I do, however, strongly object to pinning versions of dependencies in
> setup.py like this. What's the point of eggifying Zope 2 in the first
> place then if not for the ability to upgrade individual libraries to
> newer versions with bugfixes or features?
> Instead of pinning versions in setup.py, we should rather include a list
> of known-good versions, or even better, add the Zope 2 eggs to the Zope
> KGS. That way, by default, you'd get the known good set but you could
> deviate from it as necessary. More importantly, by having one good set
> (instead of a setup.py here, a versions.cfg there and another list
> somewhere else), the KGS becomes much easier to maintain.
I am uninterested in making the Z2 eggs depend on a KGS / index which is
not managed specifically for the benefit of the corresponding Zope2
version: there is zero chance that such a KGS will be truly "known
good" for a configuration which its managers don't test or run. This is no
A better fix would be to run a set of indexes for the Z2 eggs, e.g.:
would contain *only* the egg versions which shipped with Zope 2.11.1
(the versions currently pinneed in setup.py). Note that I have already
put this index up, with the "pinned" version of the Zope-2.11.1 sdist.
Another index, e.g.::
would contain the same eggs, plus updated versions known to work with
Users who wanted to deploy exactly 2.11.1 would use the first index;
those who wanted to do updates would use the second. Buildout users
would need to write recipes which were able to use different indexes for
different eggs, if they needed eggs not in the "Z2 KGS" index.
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -