ncoghlan
Contributor

No description provided.

@ncoghlan
Contributor Author

@dstufft is away from convenient GitHub access at the moment, so I'm updating this as per his Discourse post.

@ncoghlan ncoghlan merged commit 4751318 into python:master Feb 15, 2020
lukpueh pushed a commit to lukpueh/tuf that referenced this pull request Feb 18, 2020
Follows up on theupdateframework#978, which had the following problems:
- too many requirements files (cc @trishankatdatadog ;)
- used custom tooling around pip-compile, which prevented
  Dependabot from updating all files, because Dependabot "shells
  out" to pip-compile, making assumptions about the format of the
  compiled files, that we didn't meet.

This commit restructures the requirements files, choosing a much
simpler approach:

- Merges requirements-tox.txt and requirements-test.txt. The
  separation was semantically correct but operationally irrelevant.
- Removes the hashed requirements file, which doesn't add much
  security, especially with PEP 458 on the way (see python/peps#1306),
  but extra maintenance (see note about requirements.txt in theupdateframework#978).
- Removes the shell script that combined the results of pip-compile
  for all supported Python versions and instead pip-compiles for
  one Python version only. See comments about conditional transitive
  dependencies in requirements.txt in this PR for details.

Signed-off-by: Lukas Puehringer <[email protected]>
lukpueh pushed a commit to lukpueh/tuf that referenced this pull request Feb 18, 2020
Follows up on theupdateframework#978, which had the following problems:
- too many requirements files (cc @trishankatdatadog ;)
- used extra tooling around pip-compile that
  - didn't take into account requirement markers (see comments
    in requirements.txt in this commit), and
  - confused Dependabot, which expects the hashed requirements
    file in a certain format, as pip-compile would generate it
    without custom tooling (see theupdateframework#979).

This commit restructures the requirements files as follows:

- Merges requirements-tox.txt and requirements-test.txt. The
  separation was semantically correct but operationally irrelevant.
- Removes the hashed requirements file, which doesn't add much
  security, especially with PEP 458 on the way (see python/peps#1306),
  but extra maintenance (see notes about requirements.txt in theupdateframework#978
  and about Dependabot above)
- Manually adds environment markers to requirements-pinned.txt (see
  comments in requirements.txt in this commit).

Signed-off-by: Lukas Puehringer <[email protected]>
mnm678 pushed a commit to mnm678/peps that referenced this pull request Oct 22, 2020
@di di mentioned this pull request Feb 1, 2022
52 tasks