[Pulp-dev] Pinning dependencies in Pulp 3
daviddavis at redhat.com
Fri Jul 26 15:37:37 UTC 2019
Recently, Pulp 3 package installs were broken by a new version of DRF which
necessitated a new release of pulpcore (RC4). Our releases are fragile
and unstable because they don't pin versions of dependencies.
I was thinking of a new strategy whereby we pin pulpcore's dependencies to
specific versions (either y or z releases) and we use something like
dependabot to notify us of new updates for pulpcore dependencies. It
looks like it'll open new PRs when it detects a dependency is out of date.
The one downside I do see is that dependabot PRs could be ignored. However,
I think the stability of our releases outweighs this potential risk
especially as we get closer to GA.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev