Sean Dague, thanks for bringing up the subject.
This is highly relevant to my interests. =)
On 2014-11-17 7:10 PM, Robert Collins wrote:
Most production systems I know don't run with open ended dependencies.
One of our contributing issues IMO is that we have the requirements
duplicated everywhere - and then ignore them for many of our test runs
(we deliberately override the in-tree ones with global requirements).
Particularly, since the only reason unified requirements matter is for
distro packages, and they ignore our requirements files *anyway*, I'm
not sure our current aggregate system is needed in that light.
That said, making requirements be capped and auto adjust upwards would
be extremely useful IMO, but its a chunk of work;
- we need the transitive dependencies listed, not just direct dependencies
- we need a thing to find possible upgrades and propose bumps
I recently found this blog post which suggests using pip-review:
http://nvie.com/posts/pin-your-packages/#pip-review
Could it be run once in a while against global requirements and a change
proposed to gerrit to review new updates?
- we would need to very very actively propogate those out from global
requirements
For now I think making 'react to the situation faster and easier' is a
good thing to push on.
-Rob
--
Mathieu
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
