[Zope3-dev] Re: Removed zope.security 3.4b4

Benji York benji at zope.com
Sat Aug 18 09:16:49 EDT 2007

Darryl Cousins wrote:
> On Fri, 2007-08-17 at 19:24 +0200, Martijn Faassen wrote:
>> I think my next step is to fix some dependencies for Grok to hard
>> version numbers...
> I think that this is a good thing. I recently gave myself quite a bit
> grief with a careless bin/buildout which broke my application. To avoid
> that I need to be more specific in setup.py. (I haven't attempted it yet
> though).

Specifying versions should be done by the application (buildout for 
example), not setup.py.  If versions are put in setup.py they limit what 
others can do with the version requirements (e.g., relaxing them).

> I haven't noticed that any of the maintained packages on svn.zope.org
> have specified egg version numbers in the dependencies.
> (install_requires).
> Should perhaps example be set by beginning to do so?

I prefer versions be specified (by buildout) for my packages, it helps 
make development a lot more deterministic.  One downside is that bugs 
(including incompatibilities) in packages are found later because new 
version uptake is much slower with nailed versions.  One upside, as 
you've discovered, is that you don't have version changes forced upon you.

A nice mix of the two approaches will be possible when buildout supports 
the "only use release eggs" option.
Benji York
Senior Software Engineer
Zope Corporation

More information about the Zope3-dev mailing list