siemens / kas

Setup tool for bitbake based projects
MIT License

Loose dependencies cause forward compatibility issues #34

Closed denravonska closed 3 years ago

denravonska commented 3 years ago

Looking at setup.py it seems like the dependencies are only specified using a lower limit, something which is bound to cause reproducibility issues in the future:

    install_requires=[
        'PyYAML>=3.0',
        'distro>=1.0.0',
        'jsonschema>=2.5.0',
    ],

When you install a certain kas version you never know if it's going to be compatible with its dependencies, something it will inevitably not be as time goes on. This should be changed to a reasonable upper bound which depends on how the dependencies manage their versions.

jan-kiszka commented 3 years ago

Thanks for the report, need to look into this before the next release. I'm not familiar enough with the components to quickly tell which version series to choose for each of them.
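
An added example (not part of the issue thread and not kas's own code): a standard-library-only check that flags requirement strings with no version ceiling, run on the list quoted from setup.py above. `cap_next_major` is a hypothetical helper that assumes a dependency only breaks compatibility on a major version bump, which has to be verified for each dependency before relying on it.

```python
import re

# Requirement list as quoted in the issue's setup.py excerpt.
INSTALL_REQUIRES = ['PyYAML>=3.0', 'distro>=1.0.0', 'jsonschema>=2.5.0']

# PEP 440 operators that put a ceiling on the version a resolver may pick.
UPPER_OPS = {'<', '<=', '==', '===', '~='}
REQ_RE = re.compile(r'^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$')
SPEC_RE = re.compile(r'^(===|==|~=|!=|<=|>=|<|>)\s*([A-Za-z0-9.*+!_-]+)$')


def parse(requirement):
    """Split 'name>=1.0,<2' into (name, [(op, version), ...])."""
    requirement = requirement.split(';', 1)[0]  # drop environment markers
    m = REQ_RE.match(requirement)
    if not m:
        raise ValueError('unparsable requirement: %r' % requirement)
    specs = []
    for clause in filter(None, (c.strip() for c in m.group(2).split(','))):
        s = SPEC_RE.match(clause)
        if not s:
            raise ValueError('unparsable specifier: %r' % clause)
        specs.append((s.group(1), s.group(2)))
    return m.group(1), specs


def unbounded(requirements):
    """Return the names of requirements that have no version ceiling."""
    names = []
    for req in requirements:
        name, specs = parse(req)
        if not any(op in UPPER_OPS for op, _ in specs):
            names.append(name)
    return names


def cap_next_major(requirement):
    """Append '<(major+1)' above the floor.
    ASSUMPTION: breaking changes only arrive with a new major version."""
    _, specs = parse(requirement)
    if any(op in UPPER_OPS for op, _ in specs):
        return requirement  # already bounded, leave untouched
    floors = [v for op, v in specs if op in ('>=', '>')]
    if not floors:
        raise ValueError('no lower bound to derive a cap from: %r' % requirement)
    major = max(int(v.split('.')[0]) for v in floors)
    return '%s,<%d' % (requirement.strip(), major + 1)
```

A ceiling in `install_requires` only limits the direct dependencies; reproducing an exact environment still needs a lock or constraints file with fully pinned versions.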