[Zope3-dev] Re: Removed zope.security 3.4b4

Darryl Cousins darryl at darrylcousins.net.nz
Sat Aug 18 20:33:19 EDT 2007


On Sat, 2007-08-18 at 09:16 -0400, Benji York wrote:
> Darryl Cousins wrote:
> > On Fri, 2007-08-17 at 19:24 +0200, Martijn Faassen wrote:
> >> I think my next step is to fix some dependencies for Grok to hard
> >> version numbers...
> > 
> > I think that this is a good thing. I recently gave myself quite a bit
> > grief with a careless bin/buildout which broke my application. To avoid
> > that I need to be more specific in setup.py. (I haven't attempted it yet
> > though).
> Specifying versions should be done by the application (buildout for 
> example), not setup.py.  If versions are put in setup.py they limit what 
> others can do with the version requirements (e.g., relaxing them).

Thanks for pointing this out. I was thinking of setup.py for the (my)
application, but you are right in any case.


> > I haven't noticed that any of the maintained packages on svn.zope.org
> > have specified egg version numbers in the dependencies.
> > (install_requires).
> > 
> > Should perhaps example be set by beginning to do so?
> I prefer versions be specified (by buildout) for my packages, it helps 
> make development a lot more deterministic.  One downside is that bugs 
> (including incompatibilities) in packages are found later because new 
> version uptake is much slower with nailed versions.  One upside, as 
> you've discovered, is that you don't have version changes forced upon you.
> A nice mix of the two approaches will be possible when buildout supports 
> the "only use release eggs" option.

More information about the Zope3-dev mailing list