New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relax upper bounds on dependencies #227
Comments
Yeah, I think we probably should relax -- @sgillies brought my attention to https://packaging.python.org/en/latest/discussions/install-requires-vs-requirements/ which seems to indicate we should relax any constraints that we don't need, and use a When I pinned all of those it was by instinct after coming from compiled languages (e.g. Rust) where this is generally best practice -- obviously things are different here. |
👍 thanks. One workflow question around testing: IME it's best to have 2-3 environments:
Are folks OK with that rough that? |
Sounds good to me, couple of questions/thoughts:
|
Yeah, either a requirements file or pinned versions in the CI job that's building that environment. |
Currently, all the stactools dependencies are set as
~=
dependencies:stactools/setup.cfg
Lines 33 to 42 in 4a19089
For some packages that follow calver, like
fsspec
, that kind of constraint isn't meaningful. There's no reason to pin to a specific month's release.It's also not meaningful for packages that use
x.y.z
version numbers, but don't actually promise to follow semver. I haven't checked if all those libraries declare that they do.I also don't think it's appropriate for a "base" library like stactools to setup upper bounds. What if a downstream package requires a higher version of a package than what's allowed here?
And finally, IMO it's almost never appropriate for a library to declare an upper bound. Who's to say that stactools isn't compatible with the next release of that package? https://iscinumpy.dev/post/bound-version-constraints/ goes into this in much more detail, but the short version is that it's best for libraries to be as flexible as possible and let specific applications to pin their dependencies as they desire.
The text was updated successfully, but these errors were encountered: