Re-consider use of pins to encourage leaving dependencies unpinned

consideRatio commented 1 year ago

We have pins to the patch version in our environment.yml file, and when users clone that and make changes, I think that sets a bad precedence for them.

I've maintained docker images for several years, and having things pinned and not pinned has pro's and con's, but I'm a firm believer that we and people cloning this repo will end up benefiting from not pinning dependencies overall.

Action point

Indicate disagreement or agreement to take the action of unpinning the following dependencies entirely

[ ] jupyter_contrib_nbextensions==0.5.1
[ ] jupyterhub-singleuser>=3.0,<4.0
[ ] nbgitpuller=1.1.*

https://github.com/2i2c-org/hub-user-image-template/blob/f9aff1e31458b09010cb99f3975698de57cba2aa/environment.yml#L7-L14

yuvipanda commented 1 year ago

https://github.com/2i2c-org/hub-user-image-template/issues/11 is pretty relevant too.

I think we have to have some control over jupyterhub-singleuser and nbgitpuller, and the default python version on repo2docker was far too old. Perhaps one way to deal with this is to specify minimum required versions here rather than pin as we have?

damianavila commented 1 year ago

I think we have to have some control over jupyterhub-singleuser and nbgitpuller, and the default python version on repo2docker was far too old. Perhaps

I concur about maintaining control of some specific packages (like the ones mentioned by @yuvipanda). For any others, let'em fly free, IMHO.

2i2c-org / hub-user-image-template

Re-consider use of pins to encourage leaving dependencies unpinned #24

Action point