[Zope3-dev] Dealing with external dependencies
Philipp von Weitershausen
philipp at weitershausen.de
Thu Jul 19 16:51:07 EDT 2007
On 19 Jul 2007, at 19:36 , Dieter Maurer wrote:
>> ...
>> Things are a bit different with external dependencies (docutils,
>> mechanize, ClientForm, twisted, etc.), I think. They bear a higher
>> risk
>> of breaking stuff for us in future releases, even if they're just
>> minor
>> releases, because we don't control them and their developers probably
>> don't test their stuff with our code [1]. Back in the old days, we
>> would
>> do vendor imports or use revision tags for the externals. This was
>> basically the equivalent of depending on a specific, well-known
>> working
>> version of the external package.
>>
>> I propose to do the same for the external dependencies we have. So
>> far I
>> only count docutils as an actual egg dependency because mechanize,
>> ClientForm and twisted are still packaged up in the egg that uses
>> them
>> (we should change that, too). I will therefore change
>> zope.app.renderer
>> to depend on docutils==0.4, unless there are objections.
>
> Don't you drastically increase the risk of conflicts?
Yes, probably. I've been convinced now that making libraries depend
on specific versions isn't such a good idea.
Thanks for the input.
More information about the Zope3-dev
mailing list