Dependency versions are unnecessarily pinned
Bug #1855725 reported by Robie Basak
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
git-ubuntu | Fix Released | Medium | Robie Basak |
Bug Description
Ideally git-ubuntu will work correctly with the latest version of all direct and indirect dependencies. Where it does not, a bug should exist (whether in git-ubuntu or upstream), and the line pinning to an older version (e.g. in setup.py) will have a link to the bug as an explanation. We would then rely on CI to identify any problems revealed by newer versions of dependencies and handle them immediately.
Currently it seems that we are pinning more than is necessary, or the pins that exist are missing explanations.
This bug can be considered resolved when all remaining pins have a comment linking to a bug that explains why they are necessary.
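The resolution criterion above (every remaining pin carries a comment linking to a bug) can be checked mechanically. The following is an added example written for this page, not code from git-ubuntu or from the bug reporter: a small linter that reads requirement lines in either requirements.txt or setup.py `install_requires` form, treats `==`, `===`, `<=`, `<`, `~=` and `!=` specifiers as pins (a bare `>=` floor still allows the newest release, so it is not flagged), and reports any pin whose own line or the comment line directly above it has no bug link. The accepted link forms (a bugs.launchpad.net URL or `LP: #<number>`) and the sample `install_requires` block are assumptions constructed for the example; the dependency names and versions in the sample are not git-ubuntu's real pins, and the bug number used in the sample comments is simply this page's own bug number standing in as a placeholder.

```python
import re
from dataclasses import dataclass
from typing import List

# Specifiers that restrict which versions may be installed. "===" is listed
# before "==" and "<=" before "<" so the longer operator wins.
# A bare ">=" floor is deliberately absent: it still allows the latest release.
PIN_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9_.\-\[\]]+)\s*(?P<spec>(===|==|<=|<|~=|!=)\s*[^\s#,]+)"
)

# Assumption for this example: a pin counts as explained when its own trailing
# comment, or the comment line directly above it, links to a bug in one of
# these two forms.
BUG_LINK_RE = re.compile(r"(https?://bugs\.launchpad\.net/\S+|LP:\s*#\d+)")


@dataclass
class UnexplainedPin:
    lineno: int       # 1-based line in the scanned text
    requirement: str  # the pinned requirement, quotes and comma stripped


def _requirement_part(line: str) -> str:
    """Strip a trailing '# comment', surrounding quotes and a trailing comma so
    that both requirements.txt lines and setup.py install_requires entries
    ('pkg==1.0',) reduce to a bare requirement string."""
    code = line.split("#", 1)[0].strip()
    return code.rstrip(",").strip().strip("'\"")


def find_unexplained_pins(text: str) -> List[UnexplainedPin]:
    """Return every pinned requirement in `text` that has no bug link on its
    own line or on the comment line immediately above it."""
    findings: List[UnexplainedPin] = []
    prev_comment = ""  # comment line directly above the current line, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("#"):
            prev_comment = stripped
            continue
        req = _requirement_part(raw)
        if not req:
            prev_comment = ""  # a blank line breaks the comment association
            continue
        match = PIN_RE.match(req)
        if match:
            own_comment = raw.split("#", 1)[1] if "#" in raw else ""
            explained = BUG_LINK_RE.search(own_comment) or BUG_LINK_RE.search(prev_comment)
            if not explained:
                findings.append(UnexplainedPin(lineno, req))
        prev_comment = ""  # only the comment *directly* above a pin counts
    return findings


# Constructed sample input: not git-ubuntu's real setup.py. The bug number in
# the two explanatory comments is this page's own bug, used only as a placeholder.
SAMPLE_INSTALL_REQUIRES = """\
install_requires = [
    'pygit2>=0.26.0',                 # floor only: latest release still allowed
    'requests==2.18.4',               # pinned with no explanation
    # GitPython pinned until LP: #1855725 is resolved
    'GitPython<=2.1.11',
    'python-dateutil~=2.6.0',
    'keyring!=12.0.0',  # https://bugs.launchpad.net/git-ubuntu/+bug/1855725

    'pytest<5',
]
"""


if __name__ == "__main__":
    for pin in find_unexplained_pins(SAMPLE_INSTALL_REQUIRES):
        print(f"line {pin.lineno}: {pin.requirement!r} is pinned without a bug link")
```

Run against the constructed sample, the linter reports lines 3, 6 and 9 (`requests==2.18.4`, `python-dateutil~=2.6.0`, `pytest<5`); the `>=` floor on line 2 and the two pins that carry a link are accepted. Wiring a check like this into CI turns the "all pins explained" criterion into something that fails a build when a new unexplained pin is introduced.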
Related branches
~racb/git-ubuntu:unpin
- Bryce Harrington: Approve
- Server Team CI bot: Approve (continuous-integration)
Diff: 226 lines (+36/-103), 4 files modified
- gitubuntu/git_repository.py (+0/-43)
- gitubuntu/git_repository_test.py (+28/-42)
- gitubuntu/importer.py (+1/-1)
- setup.py (+7/-17)
description: updated
tags: added: snap
Changed in usd-importer:
status: Triaged → In Progress
assignee: nobody → Robie Basak (racb)
Changed in usd-importer:
status: In Progress → Fix Committed
This degree of pinning seemed odd to me as well. Digging through the git history (`git blame` ftw) to try and understand why it was done, in many cases the versions specified go back to the origin of the requirements file. The rationale for why the particular versions were selected is only addressed in the abstract (as far as I've been able to tell) and I suspect may have been more due to a desire to "snapshot" a known-good working configuration rather than due to specific issues. But I can't rule out that there was a legitimate reason, that just wasn't written down, and assumed maybe you knew more than me about this.
So... unfortunately I suspect for many of the pinned versions we may never know a specific reason for limiting to those versions. We may need to just blindly drop pins (either one by one or all together) for which no rationale can be easily found, and then rely on testing to identify whether they cause detectable issues.