So none of us are particular Python gurus... we're all a buncha hacks.
We had project X which called out module Y and module Z in requirements.txt.
However... module Y also listed module Z in module Y's setup.py.
So we thought... we should remove module Z from project X's requirements.txt, since it would be installed (by pip) as a transitive dependency when module Y was installed.
Then I read this post and decided we were wrong:
http://blog.miguelgrinberg.com/post/the-package-dependency-blues
Long story short: when you are testing your app, it's good to lock down the versions you install and test against. That's what requirements.txt allowed us to do: specify a version for module Z. Whereas if we allowed pip to decide the version of module Z from what was called out in module Y's setup.py, a developer could end up with a newer version of module Z, which could include breaking changes.
*Module Y's setup.py had something like "module Z >= 1.0.0" and thus the upper version was not restricted.
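
The check described above can be automated. The following is an added example, not code from the original post: it reports every transitive dependency that requirements.txt leaves unpinned. The package names, versions and the `DECLARED_DEPS` map are constructed stand-ins for project X, module Y and module Z.

```python
import re

# Constructed sample mirroring the post: project X pins module Y but not module Z.
REQUIREMENTS_TXT = "# project X\nmodule-y==2.3.1\n"

# Constructed stand-in for what each package declares in setup.py install_requires.
DECLARED_DEPS = {"module-y": ["module-z>=1.0.0"], "module-z": []}

_NAME = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
_PIN = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)$")


def normalize(name):
    """Compare names the way pip does: case-insensitive, -, _ and . equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(requirements_text):
    """Return {name: version} for every exact 'name==version' line."""
    pins = {}
    for line in requirements_text.splitlines():
        m = _PIN.match(line.split("#", 1)[0].strip())
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def unpinned_transitives(requirements_text, declared_deps):
    """Walk the dependency graph from the pinned packages and report every
    dependency that requirements.txt does not pin, as (parent, child, spec)."""
    pins = parse_pins(requirements_text)
    findings, seen, stack = [], set(), list(pins)
    while stack:
        parent = stack.pop()
        if parent in seen:
            continue
        seen.add(parent)
        for spec in declared_deps.get(parent, []):
            m = _NAME.match(spec)
            if not m:
                continue
            child = normalize(m.group(1))
            if child not in pins:
                findings.append((parent, child, spec[m.end():].strip() or "any"))
            stack.append(child)
    return sorted(findings)


if __name__ == "__main__":
    for parent, child, spec in unpinned_transitives(REQUIREMENTS_TXT, DECLARED_DEPS):
        print(f"{child} ({spec}) comes in via {parent} but is not pinned")
```

In a real environment the dependency map can be built from `importlib.metadata.requires(name)` for each installed distribution instead of the constructed dictionary.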