Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #17484

Re: Upstream dependency version requirements [Was: Re: review for beets/2.9.0-1]

From Peter Pentchev <roam@ringlet.net>
Newsgroups linux.debian.maint.python
Subject Re: Upstream dependency version requirements [Was: Re: review for beets/2.9.0-1]
Date 2026-05-05 11:50 +0200
Message-ID <MRkzE-2Kax-5@gated-at.bofh.it> (permalink)
References <MQHeV-2joj-3@gated-at.bofh.it> <MR0rf-2wJt-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

On Mon, May 04, 2026 at 03:07:22PM +0300, Peter Pentchev wrote:
> On Sun, May 03, 2026 at 03:49:21PM -0000, Jeroen Ploemen wrote:
> > hi Pieter,
> > 
> > my review for the beets package:
> > 
> > * control: very specific version requirement for the dependency on
> >   python3-acoustid (= 1.3.1), while the upstream pyproject.toml
> >   specifies ^1.3.1 (note the caret) which if IIRC translates to
> >   >=1.3.1,<2;
> > * control: the build-dep on sphinx <9 has been overtaken by reality,
> >   with sphinx/9.1.0-1 already in unstable. Build seems to be fine
> >   with 9.1.0 too though.
> > 
> >   For both of the above, it's often an open question whether version
> >   restrictions declared by upstream are actually hard requirements or
> >   just a matter of "we prefer to have everyone use the version we
> >   tested with".
> 
> From my experience with various upstream projects, both individual
> authors with varying levels of experience and workflows, and
> more complex organizations (e.g. OpenStack), IMHO it is most useful to,
> at least initially, "assume good faith" and approach upstream requirements
> as follows...

So, uh, I just realized (a couple of days later, yeah) that what I wrote
may be misinterpreted. I did not in any way mean to criticize Jeroen's
words: I did not imply that he advocated not treating upstream requirements
in good faith. In my message I did outline a couple of cases in which
it is very much advisable to override them.

Apologies for any confusion.

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key:        https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Back to linux.debian.maint.python | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

review for beets/2.9.0-1 Jeroen Ploemen <jcfp@debian.org> - 2026-05-03 17:50 +0200
  Upstream dependency version requirements [Was: Re: review for  beets/2.9.0-1] Peter Pentchev <roam@ringlet.net> - 2026-05-04 14:20 +0200
    Re: Upstream dependency version requirements [Was: Re: review for  beets/2.9.0-1] Jeremy Stanley <fungi@yuggoth.org> - 2026-05-04 15:40 +0200
    Re: Upstream dependency version requirements [Was: Re: review for  beets/2.9.0-1] Peter Pentchev <roam@ringlet.net> - 2026-05-05 11:50 +0200
      Re: Upstream dependency version requirements [Was: Re: review for  beets/2.9.0-1] "Pieter Lenaerts" <plenae@disroot.org> - 2026-05-06 08:40 +0200

csiph-web