[Pulp-dev] Pinning dependencies in Pulp 3
bbouters at redhat.com
Fri Jul 26 17:40:12 UTC 2019
+1. This brings increased stability to Pulp users, and keeps Pulp forward
compatible with all dependency releases. It's the best of both worlds and
On Fri, Jul 26, 2019 at 12:33 PM Dennis Kliban <dkliban at redhat.com> wrote:
> I really like that there is automation to help us update the deps. If the
> PR from dependabot passes CI, we can just merge. Otherwise we will file an
> On Fri, Jul 26, 2019 at 11:38 AM David Davis <daviddavis at redhat.com>
>> Recently, Pulp 3 package installs were broken by a new version of DRF
>> which necessitated a new release of pulpcore (RC4). Our releases are
>> fragile and unstable because they don't pin versions of dependencies.
>> I was thinking of a new strategy whereby we pin pulpcore's dependencies
>> to specific versions (either y or z releases) and we use something like
>> dependabot to notify us of new updates for pulpcore dependencies. It
>> looks like it'll open new PRs when it detects a dependency is out of date.
>> The one downside I do see is that dependabot PRs could be ignored.
>> However, I think the stability of our releases outweighs this potential
>> risk especially as we get closer to GA.
>>  https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
>>  https://dependabot.com/
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
> Pulp-dev mailing list
> Pulp-dev at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev