I too have learnt the hard way how `--upgrade` can cause conflicts due to the `pip freeze` flattening the dependency tree. What works for me though is to keep requirements.txt completely out of picture when upgrading packages ie. to upgrade manually and preferably do it one package at a time as far as possible. Considering that upgrades don't happen frequently (at least in projects I have worked on), it's not much of a hassle. But yes, this requires a list of top level deps to be maintained (or they may be found out by guessing and confirming at the time of upgrading :-))
IMO, where pinning really helps is guaranteeing a stable environment at any time. One advantage of pinning requirements even if there are automated tests is that if tests fail due to a breaking upgrade, it will be easier to know which version to rollback to. Another thing is, as per the deployment workflow we follow at my workplace, everytime while deploying code to the server, fabric runs a `pip install -r requirements.txt` remotely. Since requirements are pinned, most of the time installation is skipped unless some package has been upgraded locally. But in case they are not pinned, a buggy upgrade could break production (there could be a better approach for synchronizing dependencies across different environments and I would be happy to know about it) On Fri, Sep 13, 2013 at 1:06 PM, Saager Mhatre <saager.mha...@gmail.com>wrote: > On Sep 13, 2013 9:19 AM, "Dhananjay Nene" <dhananjay.n...@gmail.com> > wrote: > > [...] > > Given adequate test coverage to verify negative side effects of any > transitive dependency version upgrades, pinning could be skipped imo. > > > > Dhananjay > > +1 for automated tests to cover relevant API contracts of dependencies. > That's a great approach to decide when to pin. > > Thanks for pointing that out Dhananjay. > > - d > _______________________________________________ > BangPypers mailing list > BangPypers@python.org > https://mail.python.org/mailman/listinfo/bangpypers > -- Vineet Naik _______________________________________________ BangPypers mailing list BangPypers@python.org https://mail.python.org/mailman/listinfo/bangpypers
