
Michael Ströder wrote on Sun, 13 Dec 2020 at 18:00 +0100:
Actually dnspython is a very good example to look at.
In my case I was forced to change the code in my own upstream software regardless of what's present in downstream package repos.
Why? Because if people do a pip install they'll get dnspython 2.x.
Yes, I could pin to dnspython <= 1.6.x but then nobody will receive security updates if upstream author decides not to maintain the 1.6 release anymore. Also dnspython 1.6 could be removed downstream. So pinning in such a way is bad practice. It could be done temporarily but there's no valid definition for "temporarily" and thus in practice the pinning would last forever until another dependency breaks it.
=> Bite the bullet and fail forward.

Which hopefully at least in some cases we help by patching the offended packages.

Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mcepl@ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8

As long as we are thinking of natural values we must say that the sun looks down on nothing half so good as a household laughing together over a meal, or two friends talking over a pint of beer, or a man alone reading a book that interests him; and that all economies, politics, laws, armies, and institutions, save insofar as they prolong and multiply such scenes, are a mere ploughing the sand and sowing the ocean, a meaningless vanity and vexation of the spirit. Collective activities are, of course, necessary, but this is the end to which they are necessary.
  -- C.S. Lewis, “Membership” in “The Weight of Glory”