[Zope3-dev] Re: Removed zope.security 3.4b4
Benji York
benji at zope.com
Sat Aug 18 09:16:49 EDT 2007
Darryl Cousins wrote:
> On Fri, 2007-08-17 at 19:24 +0200, Martijn Faassen wrote:
>> I think my next step is to fix some dependencies for Grok to hard
>> version numbers...
>
> I think that this is a good thing. I recently gave myself quite a bit
> grief with a careless bin/buildout which broke my application. To avoid
> that I need to be more specific in setup.py. (I haven't attempted it yet
> though).
Specifying versions should be done by the application (buildout for
example), not setup.py. If versions are put in setup.py they limit what
others can do with the version requirements (e.g., relaxing them).
> I haven't noticed that any of the maintained packages on svn.zope.org
> have specified egg version numbers in the dependencies.
> (install_requires).
>
> Should perhaps example be set by beginning to do so?
I prefer versions be specified (by buildout) for my packages, it helps
make development a lot more deterministic. One downside is that bugs
(including incompatibilities) in packages are found later because new
version uptake is much slower with nailed versions. One upside, as
you've discovered, is that you don't have version changes forced upon you.
A nice mix of the two approaches will be possible when buildout supports
the "only use release eggs" option.
--
Benji York
Senior Software Engineer
Zope Corporation
More information about the Zope3-dev
mailing list