On Thursday, June 6, 2024 at 5:56:15 AM UTC-5 Dima Pasechnik wrote:
> Yet, pytest, a pip package, is installed and used rather regularly in Sage, and nobody gets hurt. It is found to be safe to install this particular package this way ("pip install pytest" does not affect anything in the Sage venv, that's why).

Yet because the version of pytest wasn't pinned, things broke when pytest 8.* came out. This would not have happened if pytest had been installed as a wheel package. (As you say, pip packages can also be pinned to a particular version, though for a pure-Python package the only difference between wheel and a pinned pip is whether dependencies also have to be included.)

Dima, under your proposal that "standard packages can be pip packages", what criteria would be used to decide whether (and how narrowly) to pin a particular pip package? Also, what criteria would be used to determine whether (and which) dependencies would be explicitly made Sage packages?

Personally, I support allowing Sage to use upstream binary wheels from PyPI rather than building things from source, but feel it is a mistake not to pin everything and explicitly list all dependencies, at least at first.

Best,
Nathan