On 12/13/20 9:37 AM, Matěj Cepl wrote:
> What would break if we revert dnspython back to 1.*?
Actually dnspython is a very good example to look at. In my case I was forced to change the code in my own upstream software regardless of what's present in downstream package repos.

Why? Because if people do a pip install they'll get dnspython 2.x. Yes, I could pin to dnspython <= 1.6.x, but then nobody will receive security updates if the upstream author decides not to maintain the 1.6 release anymore. Also dnspython 1.6 could be removed downstream.

So pinning in such a way is bad practice. It could be done temporarily, but there's no valid definition for "temporarily" and thus in practice the pinning would last forever until another dependency breaks it.

=> Bite the bullet and fail forward.

Ciao, Michael.