vinnyinverso
commented
1 month ago I created a JIRA ticket to address this. We'll also provide updates/feedback here as needed. Thanks for the detailed suggestion!
HARMONY-1837
Open jhkennedy opened 7 months ago
vinnyinverso
commented
1 month ago I created a JIRA ticket to address this. We'll also provide updates/feedback here as needed. Thanks for the detailed suggestion!
HARMONY-1837
harmony-pycurrently pins its core (and develop) dependencies down to compatible releases, specified all the way down to a specific patch set in some instances.Since Python has a flat dependency tree (can't have two versions of the same package in an environment) and
harmony-pyis a library^, not an application, this is overly restrictive.For example,
python-dotenvis pinned to~=0.20.0or>=0.20.0,==0.20.*which was released two years ago and is a major version behind (current v1.0.1). If any package in a user's environment depends onpython-dotenv>=0.21.0,harmony-pycannot be installed.There's an excellent long-form discussion of upper bounds here: https://iscinumpy.dev/post/bound-version-constraints/
Notably, this problem also exists with over-constrained lower bounds, although it's less problematic over time.
I'd suggest including the dependencies directly in the project metadata (
setup.py/setup.cfg/pyproject.toml) and only excluding known incompatibilities with version bounds, and only migrating bounds when new incompatibilities are discovered or resolved.For development, it's still often desirable to have a known working environment for developers, which is where
requirements.txtfiles come into play.While this requires some duplication as new requirements must be added to both the project metadata and the development environment specification, that cost significantly improves the usability of the library.
^ Here, I'm using a common generalization of "library" and "application" to primarily distinguish between how packages are installed into environments and who owns said environments.