properly pin dependencies
Closed this issue · 2 comments
ldruschk commented
Using `>=` for pre-1.0 dependencies is a bad idea when they might introduce backwards-compatibility-breaking changes.
Trolldemorted commented
How does Python manage transitive deps?
Don't you want to use `pipenv lock` or something similar in the downstream projects? Would that lock our deps to specific versions too? I am sure you remember the DNS bug in $httpfoolib, we don't want that again 😇
Edit: this might go into a separate issue
ldruschk commented
Usually you would run `pip freeze > requirements.txt`, which leads to pinning all downstream projects as well.
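An added illustration, not part of the thread or the project's code: a stdlib-only check that reads a `requirements.txt` body and flags the open-ended `>=` specifiers on pre-1.0 versions that this issue is about. The package names in the sample and the verdict labels are constructed for this example.

```python
import re

# Constructed sample requirements file; the package names are made up.
SAMPLE = """\
# runtime deps
examplelib>=0.4.2
otherlib>=0.9,<0.10
stablelib>=2.1
pinnedlib==0.3.1
rangedlib~=0.5.0
barelib
"""

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_CLAUSE = re.compile(r"^(===|==|~=|!=|<=|>=|<|>)\s*([0-9][^\s,;]*)$")

def classify(line):
    """Return (name, verdict), or None for blank, comment and option lines."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
    if not line or line.startswith("-"):
        return None
    m = _REQ.match(line)
    if m is None:
        return line, "unparsed"
    name, clauses = m.group(1), [c.strip() for c in m.group(2).split(",") if c.strip()]
    if not clauses:
        return name, "unpinned"            # any version at all is accepted
    parsed = [_CLAUSE.match(c) for c in clauses]
    if any(p is None for p in parsed):
        return name, "unparsed"            # URLs, local paths, exotic syntax
    ops = {p.group(1): p.group(2) for p in parsed}
    if "===" in ops or ("==" in ops and "*" not in ops["=="]):
        return name, "pinned"
    if not any(op in ops for op in ("<", "<=", "~=", "==")):
        # No ceiling: a 0.x project may ship breaking changes in any release.
        lower = ops.get(">=") or ops.get(">") or ""
        return name, "open-pre-1.0" if lower.split(".")[0] == "0" else "open"
    return name, "bounded"

def audit(text):
    """Map each requirement name in a requirements.txt body to its verdict."""
    results = (classify(l) for l in text.splitlines())
    return dict(r for r in results if r is not None)

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:12} {verdict}")
```

Only `pinned` entries resolve to the same version on every install; `bounded` entries still float inside their range.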