Specify dependencies version #19

New issue

Closed

opened 2019-12-03 15:15:54 +01:00 by erdnaxeli · 1 comment

erdnaxeli commented

2019-12-03 15:15:54 +01:00

(Migrated from github.com)

Hi,

I saw you removed the dependencies versions in this commit f66418ad4d. Why?

The versions should be specified to ensure the app still works if any dependency gets updated. Ranges could be used to accept minor version, but block major ones (like someting>=10,<11)

Hi, I saw you removed the dependencies versions in this commit https://github.com/lachs0r/0x0/commit/f66418ad4d02afa92206d9892dd0dc73160d0007. Why? The versions should be specified to ensure the app still works if any dependency gets updated. Ranges could be used to accept minor version, but block major ones (like `someting>=10,<11`)

mia commented

2019-12-03 23:30:04 +01:00

On Dienstag, 3. Dezember 2019 06:15:55 PST Alexandre Morignot wrote:

Hi,

I saw you removed the dependencies versions in this commit
https://github.com/lachs0r/0x0/commit/f66418ad4d02afa92206d9892dd0dc73160d0
007. Why?

The versions should be specified to ensure the app still works if any
dependency gets updated. Ranges could be used to accept minor version, but
block major ones (like someting>=10,<11)

Because in my experience, the Python ecosystem (excluding the irredeemable
dumpsterfire that is the Django community) tends not to break API in
backwards-incompatible ways very often. And if they do, this app should be
updated to support the changes. To that end, it might make sense to write a
test suite.

To be honest, I don’t care enough to even keep requirements.txt up to date
because I’m just using openSUSE Tumbleweed’s packages anyway (which are
generally up to date).

In the few years 0x0.st has been running, I don’t recall any instance of API
breakage.

What I should do however is refactor the damn thing so it uses fewer
abandoned/obsolete modules. 0x0 started out as a quick temporary solution, and
it really shows that code quality was not a priority at any point in its
development.

On Dienstag, 3. Dezember 2019 06:15:55 PST Alexandre Morignot wrote: > Hi, > > I saw you removed the dependencies versions in this commit > https://github.com/lachs0r/0x0/commit/f66418ad4d02afa92206d9892dd0dc73160d0 > 007. Why? > > The versions should be specified to ensure the app still works if any > dependency gets updated. Ranges could be used to accept minor version, but > block major ones (like `someting>=10,<11`) Because in my experience, the Python ecosystem (excluding the irredeemable dumpsterfire that is the Django community) tends not to break API in backwards-incompatible ways very often. And if they do, this app should be updated to support the changes. To that end, it might make sense to write a test suite. To be honest, I don’t care enough to even keep requirements.txt up to date because I’m just using openSUSE Tumbleweed’s packages anyway (which are generally up to date). In the few years 0x0.st has been running, I don’t recall any instance of API breakage. What I should do however is refactor the damn thing so it uses fewer abandoned/obsolete modules. 0x0 started out as a quick temporary solution, and it really shows that code quality was not a priority at any point in its development.