On 10 October 2015 at 03:57, Cory Benfield <c...@lukasa.co.uk> wrote: > >> On 9 Oct 2015, at 15:18, Jeremy Stanley <fu...@yuggoth.org> wrote: >> >> On 2015-10-09 14:58:36 +0100 (+0100), Cory Benfield wrote: >> [...] >>> IMO, what OpenStack needs is a decision about where it’s getting >>> its packages from, and then to refuse to mix the two. >> >> I have yet to find a Python-based operating system installable in >> whole via pip. There will always be _at_least_some_ packages you >> install from your operating system's package management. What you >> seem to be missing is that Linux distros are now shipping base >> images which include their python-requests and python-urllib3 >> packages already pre-installed as dependencies of Python-based tools >> they deem important to their users. >> > > Yeah, this has been an ongoing problem. > > For my part, Donald Stufft has informed me that if the distribution-provided > requests package has the appropriate install_requires field in its setup.py, > pip will respect that dependency.
It should but it won't :). https://github.com/pypa/pip/issues/2687 and https://github.com/pypa/pip/issues/988 The first one means that if someone does 'pip install -U urllib3' and an unbundled requests with appropriate pin on urllib3 is already installed, that pip will happily upgrade urllib3, breaking requests, without complaining. It is fixable (with correct metadata of course). The second one means that if anything - another package, or the user via direct mention or requirements/constraints files - specifies a urllib3 dependency (of any sort) then the requests dependency will be silently ignored. Both of these will be solved in the medium future - we're now at the point of having POC branches, and once we've finished with the constraints rollout and PEP-426 marker polish will be moving onto the resolver work. > Given that requests has recently switched to not providing mid-cycle urllib3 > versions, it should be entirely possible for downstream redistributors in > Debian/Fedora to put that metadata into their packages when they unbundle > requests. I’m chasing up with our downstream redistributors right now to ask > them to start doing that. > > This should resolve the problem for systems where requests 2.7.0 or higher > are being used. In other systems, this problem still exists and cannot be > fixed by requests directly. Well, if we get to a future where it is in-principle fixed, I'll be happy. -Rob -- Robert Collins <rbtcoll...@hp.com> Distinguished Technologist HP Converged Cloud __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
