11 Nov
2023
11 Nov
'23
7:09 p.m.
the "requirements.txt with "~=" compatible" bit sounds reasonable. By the way, the current rolling release of your docker image sports the 0.58.2 version and seems to work just fine.
Am 2. November 2023 um 09:24 schrieb "Abhilash Raj" <maxking@asynchronous.in <mailto:maxking@asynchronous.in?to=%22Abhilash%20Raj%22%20%3Cmaxking%40asynchronous.in%3E>>:
(...)
I agree, but past few days I've been thinking if we should do
_something_ about it so that after a while 'pip install' doesn't just
start failing for folks forcing us to do another release to pin to a
version that we support.
In the past, we've had to do that a couple of times for various
packages
and maybe it doesn't make sense for to pin to a very specific version,
but maybe we can provide a requirements.txt with "~=" compatible
release
requirements so it doesn't stop newer bugfix/security releases from
being installed.
There will still be issues with packages that don't follow semver or
unknown bugs (which was the case IIUC in allauth) that creep up, but it
can still prevent us from intentional compat changes made by bumping
major version.
Thoughts?
(...)