[BangPypers] Do you pin your requirements.txt ?

Dhananjay Nene dhananjay.nene at gmail.com
Fri Sep 13 05:48:58 CEST 2013


On Fri, Sep 13, 2013 at 12:38 AM, Saager Mhatre <saager.mhatre at gmail.com> wrote:
> On Thu, Sep 12, 2013 at 6:30 PM, Abdul Muneer <abdulmuneer at gmail.com> wrote:
>
>> I also pin requirements. But when I do 'pip freeze', I remove the packages
>> that are installed as a dependency to main libraries which were explicitly
>> installed.
>>
>
> I tend to avoid using 'pip freeze' as part of my dev flow for just this
> reason.
> YMMV, but it just adds busywork; easier to hand maintain a list of pinned
> top-level packages.
> As for (optimistically or pessimistically) pinned dependencies, I usually
> pin them on a case-by-case basis.
>
> Packages from pypi may specify dependency as ">=" and it will fetch the
>> latest. But if you had pinned those too, it can cause conflicts especially
>> if you upgrade the main component. Had run into issues because of this
>> while working on a pylons project.
>>
>
> Ditto.
> Except I recall hitting this when we were moving to py3k and one of the
> 'newer' packages of a dependency of something we were depending on added
> code that was beyond 2to3's capability. :P

It's a tradeoff between convenience and repeatability. If one wants to
avoid surprises, e.g. the one Saager mentioned, and ensure repeatability,
it's better to pin. Given adequate test coverage to verify negative
side effects of any transitive dependency version upgrades, pinning
could be skipped imo.

Dhananjay
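The two mechanics discussed in this thread, trimming transitive packages out of `pip freeze` output and detecting the conflict that appears when a pinned transitive dependency no longer fits what an upgraded top-level package declares, as an added, stand-alone example that is not code from the thread or from pip. Package names (`mainlib`, `helperlib`, `leaflib`), the frozen output and the per-version `install_requires` metadata are all constructed for illustration; versions are assumed to be plain dotted integers (no PEP 440 pre-release or local-version handling).

```python
import re

# Constructed sample: what `pip freeze` would print for a small environment.
FROZEN = """\
mainlib==1.0
helperlib==2.1
leaflib==0.9
"""

# Constructed sample metadata (hypothetical packages): the requirement lines each
# package version declares. The name -> version -> [requirements] layout is an
# assumption of this example, not pip's own data model.
METADATA = {
    "mainlib": {
        "1.0": ["helperlib>=2.0"],
        "1.1": ["helperlib>=2.3"],  # upgrading mainlib to 1.1 invalidates a stale helperlib pin
    },
    "helperlib": {
        "2.1": ["leaflib>=0.9,<1.0"],
        "2.3": ["leaflib>=0.9,<1.0"],
    },
    "leaflib": {"0.9": []},
}

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(.*?)\s*$")
_SPEC_RE = re.compile(r"(==|>=|<=|!=|>|<)\s*([0-9][0-9.]*)")


def _cmp(a, b):
    """Compare two dotted numeric versions; shorter tuples are zero-padded so 1 == 1.0."""
    ka = tuple(int(p) for p in a.split("."))
    kb = tuple(int(p) for p in b.split("."))
    n = max(len(ka), len(kb))
    ka += (0,) * (n - len(ka))
    kb += (0,) * (n - len(kb))
    return (ka > kb) - (ka < kb)


def parse_requirement(line):
    """'helperlib>=2.0,<3' -> ('helperlib', [('>=', '2.0'), ('<', '3')])"""
    m = _REQ_RE.match(line)
    name, rest = m.group(1).lower(), m.group(2)
    return name, _SPEC_RE.findall(rest)


def satisfies(version, specs):
    ops = {"==": lambda c: c == 0, ">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
           "!=": lambda c: c != 0, ">": lambda c: c > 0, "<": lambda c: c < 0}
    return all(ops[op](_cmp(version, ver)) for op, ver in specs)


def parse_requirements(text):
    """requirements.txt / pip freeze text -> {name: [(op, version), ...]}; comments and blanks skipped."""
    reqs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, specs = parse_requirement(line)
            reqs[name] = specs
    return reqs


def pinned_version(specs):
    """Return the '==' version in a spec list, or None if the line is not an exact pin."""
    for op, ver in specs:
        if op == "==":
            return ver
    return None


def top_level_packages(frozen_text, metadata):
    """Drop every package that some other frozen package declares as a dependency
    (the manual step Abdul describes doing after `pip freeze`)."""
    reqs = parse_requirements(frozen_text)
    required_by_others = set()
    for name, specs in reqs.items():
        for dep_line in metadata.get(name, {}).get(pinned_version(specs), []):
            required_by_others.add(parse_requirement(dep_line)[0])
    return sorted(n for n in reqs if n not in required_by_others)


def find_conflicts(requirements_text, metadata):
    """Return (package, version, dependency, pinned_dep_version, declared_spec) for every
    pinned dependency that no longer satisfies what a pinned package declares it needs."""
    reqs = parse_requirements(requirements_text)
    conflicts = []
    for name, specs in reqs.items():
        ver = pinned_version(specs)
        if ver is None:
            continue
        for dep_line in metadata.get(name, {}).get(ver, []):
            dep, dep_specs = parse_requirement(dep_line)
            dep_pin = pinned_version(reqs.get(dep, []))
            if dep_pin is not None and not satisfies(dep_pin, dep_specs):
                conflicts.append((name, ver, dep, dep_pin, dep_line))
    return conflicts


if __name__ == "__main__":
    print("top-level only:", top_level_packages(FROZEN, METADATA))
    print("conflicts before upgrade:", find_conflicts(FROZEN, METADATA))
    upgraded = FROZEN.replace("mainlib==1.0", "mainlib==1.1")
    print("conflicts after bumping mainlib:", find_conflicts(upgraded, METADATA))
```

Running `find_conflicts` over a fully pinned file before and after bumping a top-level pin is the cheap check that catches the situation Abdul and Saager describe: the pinned transitive package (`helperlib==2.1`) is silently too old for the upgraded top-level package, and the failure is better caught here than at install time or, worse, at import time.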

