[Zope3-dev] Dealing with external dependencies
Philipp von Weitershausen
philipp at weitershausen.de
Wed Jul 18 17:24:42 EDT 2007
Up until now we've been a bit sloppy when it came to egg dependencies.
Not specifying a version number or range basically means that the code
in question assumes it will work with any future version of its
dependency. Admittedly, setuptools doesn't exactly make it easy to say
"I depend on ZODB 3.8.x". Jim has proposed to add a syntax to setuptools
to support this nicely but it's not there yet. So I guess we'll have to
wait for that.
Things are a bit different with external dependencies (docutils,
mechanize, ClientForm, twisted, etc.), I think. They bear a higher risk
of breaking stuff for us in future releases, even if they're just minor
releases, because we don't control them and their developers probably
don't test their stuff with our code [1]. Back in the old days, we would
do vendor imports or use revision tags for the externals. This was
basically the equivalent of depending on a specific, well-known working
version of the external package.
I propose to do the same for the external dependencies we have. So far I
only count docutils as an actual egg dependency because mechanize,
ClientForm and twisted are still packaged up in the egg that uses them
(we should change that, too). I will therefore change zope.app.renderer
to depend on docutils==0.4, unless there are objections.
[1] This problem has bitten us over at Grok because apparently Ubuntu
has decided to deploy docutils 0.4.1 which doesn't seem to actually
exist anywhere and therefore confuses zc.buildout. See
https://bugs.launchpad.net/grok/+bug/126742.
--
http://worldcookery.com -- Professional Zope documentation and training
More information about the Zope3-dev
mailing list