how does a packager find version requirements for indirect dependencies? #1343
Labels
No labels
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.10.0
1.10.1
1.10.2
1.10a2
1.11.0
1.12.0
1.12.1
1.13.0
1.14.0
1.15.0
1.15.1
1.2.0
1.3.0
1.4.1
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7β
1.8.0
1.8.1
1.8.2
1.8.3
1.8β
1.9.0
1.9.0-s3branch
1.9.0a1
1.9.0a2
1.9.0b1
1.9.1
1.9.2
1.9.2a1
LeastAuthority.com automation
blocker
cannot reproduce
cloud-branch
code
code-dirnodes
code-encoding
code-frontend
code-frontend-cli
code-frontend-ftp-sftp
code-frontend-magic-folder
code-frontend-web
code-mutable
code-network
code-nodeadmin
code-peerselection
code-storage
contrib
critical
defect
dev-infrastructure
documentation
duplicate
enhancement
fixed
invalid
major
minor
n/a
normal
operational
packaging
somebody else's problem
supercritical
task
trivial
unknown
was already fixed
website
wontfix
worksforme
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: tahoe-lafs/trac-2024-07-25#1343
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The method of finding Tahoe's indirect requirements documented at http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AdvancedInstall#Dependencies,
The indirect dependencies are pyutil, zbase32, and argparse. It might be easier just to document that (with minimum version requirements if any) and update the documentation manually.
This is actually a pretty hard problem to solve. The issue is that indirect dependencies are not a concrete thing and can depend on what version of direct dependencies get installed (or are already installed).
For instance:
In the above example there isn't a single set of requirements, it's a tree where the final set depends on what version of foo ends up being selected for installation. It can be expressed of course but it can be a very confusing representation if the version specifiers of anything but the root of the tree varies. If they are static then you can collapse the branches into a single branch and you may (in a simple case) get a single set because every combination of dependencies ends up having the same requirement specifiers.
I'd really prefer to just remove the dependencies on pyutil, zbase32, and argparse (or promote them to direct dependencies if Tahoe really transitively needs them).
Tahoe-LAFS has a lot of transitive dependencies now. If anything, this issue is much worse and more pressing than it was 7 years ago. Yet there is still no particularly good solution.
"Try some versions and see if they work"? That is essentially all the Tahoe-LAFS project does. "some versions" are generally "the latest releases of most things at the time of testing / release".
A package could look at Tahoe-LAFS CI and see what those versions are and pick them. On the other hand, a packager is almost certainly going to use whatever versions of the dependencies someone else has already packaged in the system they are packaging for. And if the result doesn't work ... well, is anyone going to care?
I think it would be great to fix this but I don't know what change is actually going to be helpful, nor to whom. It would probably be better if some packagers showed up and asked for something that would help them out. That tends not to happen, though. Packagers are busy and often don't spend a lot of time proactively engaging with upstream.
Maybe no one should use a Tahoe-LAFS packaged by anyone except the Tahoe-LAFS project. That would simplify matters significantly.
This seems awfully closely related to https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1452