Things are a bit different with external dependencies (docutils,
mechanize, ClientForm, twisted, etc.), I think. They bear a higher risk
of breaking stuff for us in future releases, even if they're just minor
releases, because we don't control them and their developers probably
don't test their stuff with our code [1]. Back in the old days, we would
do vendor imports or use revision tags for the externals. This was
basically the equivalent of depending on a specific, well-known working
version of the external package.

I propose to do the same for the external dependencies we have. So far I
only count docutils as an actual egg dependency because mechanize,
ClientForm and twisted are still packaged up in the egg that uses them
(we should change that, too). I will therefore change zope.app.renderer
to depend on docutils==0.4, unless there are objections.

Don't you drastically increase the risk of conflicts?

Yes, probably. I've been convinced now that making libraries depend on specific versions isn't such a good idea.

Thanks for the input.
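
The conflict risk raised in this thread, worked through as an added example (not part of the original messages and not code from any Zope package). It assumes a hypothetical second library `other.library`, a constructed list of docutils releases, and a simplified specifier parser that handles dotted numeric versions only.

```python
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'0.4.0' -> (0, 4): dotted numeric versions, trailing zeros dropped."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirement(spec):
    """'docutils>=0.4,<0.6' -> ('docutils', [('>=', (0, 4)), ('<', (0, 6))])."""
    name, rest = re.match(r"\s*([A-Za-z0-9_.\-]+)\s*(.*)$", spec).groups()
    clauses = []
    for clause in filter(None, (c.strip() for c in rest.split(","))):
        op, version = re.match(r"(==|!=|>=|<=|>|<)\s*(\S+)$", clause).groups()
        clauses.append((op, parse_version(version)))
    return name, clauses

def compatible_versions(available, requirements):
    """Versions in `available` that satisfy every requirer's clauses."""
    clauses = [c for spec in requirements.values()
               for c in parse_requirement(spec)[1]]
    return [v for v in available
            if all(OPS[op](parse_version(v), want) for op, want in clauses)]

# Constructed sample data: the release list and other.library are hypothetical.
AVAILABLE = ["0.3.9", "0.4", "0.5"]

# Each library pins an exact version: no single docutils satisfies both.
LIBRARIES_PIN = {"zope.app.renderer": "docutils==0.4",
                 "other.library": "docutils==0.5"}

# Libraries declare ranges; only the final application pins the tested version.
LIBRARIES_RANGE = {"zope.app.renderer": "docutils>=0.4",
                   "other.library": "docutils>=0.4,<0.6"}
APP_PINS = dict(LIBRARIES_RANGE, application="docutils==0.4")

if __name__ == "__main__":
    for label, reqs in [("library pins", LIBRARIES_PIN),
                        ("library ranges", LIBRARIES_RANGE),
                        ("ranges + application pin", APP_PINS)]:
        print(label, "->", compatible_versions(AVAILABLE, reqs) or "CONFLICT")
```

An empty result is the conflict case: the exact pin gives a known working version only as long as no other installed package pins a different one.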

