RFC: DEP 7 - dependency policy
256 views
Skip to first unread message
Jacob Kaplan-Moss
Nov 5, 2016, 8:24:28 AM11/5/16
to django-developers
Hi all -
DEP 7 proposes a new dependency policy. In a nutshell, the policy is: Python packaging is good now. Django can have dependancies.
For full details, please check out the DEP: https://github.com/django/deps/blob/master/draft/0007-dependency-policy.rst
I'd appreciate any comments and feedback y'all have before I submit this to the technical board for review. In particular, there are a couple of things I'd like feedback on:
- Are my criteria for "maturity" appropriate? Will they cover use-cases we want to cover?
- Do we need more policy/process around dealing with potential abandonment issues?
Thanks,
Jacob
Andrew Godwin
Nov 5, 2016, 9:24:23 AM11/5/16
to Django developers (Contributions to Django itself)
I think the "maturity" criteria are pretty sensible, though I am slightly concerned about the potential for a project to be effectively unmaintained even though there's someone's name on it who are active elsewhere.
Do you think there's a sensible way we could outline a few checks for what it means to be maintained? It's not something I think we could make hard and fast rules for, but a sort of checklist for us to use to check dependencies every release might be useful.
Andrew
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAK8PqJEMoT-v5SqLzauC6XtxQ%2BAXSHJEUOSWcGody3r9i73f9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Patryk Zawadzki
Nov 5, 2016, 12:20:05 PM11/5/16
to Django developers (Contributions to Django itself)
W dniu sobota, 5 listopada 2016 13:24:28 UTC+1 użytkownik Jacob Kaplan-Moss napisał:
Hi all -DEP 7 proposes a new dependency policy. In a nutshell, the policy is: Python packaging is good now. Django can have dependancies.For full details, please check out the DEP: https://github.com/django/deps/blob/master/draft/0007-dependency-policy.rstI'd appreciate any comments and feedback y'all have before I submit this to the technical board for review. In particular, there are a couple of things I'd like feedback on:- Are my criteria for "maturity" appropriate? Will they cover use-cases we want to cover?
What are your concerns here? Couldn't Django eventually either take over or vendor-in the project if it ever becomes unresponsive?
Cheers,
Thomas Fuller
Nov 7, 2016, 12:50:06 PM11/7/16
to Django developers (Contributions to Django itself)
There's a fragment in the policy list of the abstract:
rough consensus among the community and core team that the chosen dependency
I assume that phrase should end with "is needed"
-Thomas
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/af985f1f-7f37-4527-9cf7-6603ed992627%40googlegroups.com.
Tim Allen
Nov 11, 2016, 11:18:35 AM11/11/16
to Django developers (Contributions to Django itself)
This makes sense, and the DEP looks great. Just a few thoughts:
- Django has always had dependencies, just external to PyPI. Python itself is the obvious one. While not absolutely required for Django, a database driver stack is another (psycopg2, mysql-connector, pyodbc, etc). Perhaps we can look into the maturity levels of these existing dependencies for some concrete ideas on what sort of requirements will be needed for stable Python packages to be included.
- This should go without saying, but to be explicit, it may be worth noting that any packages must support the same versions of Python that current Django versions support, including LTS releases. I have actually run into a similar issue in the past not directly with Django, but relating to developer environments (Red Hat 6.x having system Python v. 2.6.6, no longer being compatible with virtualenv's newer versions). This is tangentially related to the "Backwards compatible" section of the DEP.
Regards,
Tim
Shai Berger
Nov 12, 2016, 9:45:22 AM11/12/16
to django-d...@googlegroups.com
Hi all,
I just had a look, and noted,
On Saturday 05 November 2016 14:23:43 Jacob Kaplan-Moss wrote:
>
> DEP 7 proposes a new dependency policy. In a nutshell, the policy is:
> Python packaging is good now. Django can have dependancies.
>
Actually, we have an already accepted DEP 7. It deals with official projects. If
we don't want to rename DEP 8 (data collection) as well, then this should
probably be DEP 9.
I just had a look, and noted,
On Saturday 05 November 2016 14:23:43 Jacob Kaplan-Moss wrote:
>
> DEP 7 proposes a new dependency policy. In a nutshell, the policy is:
> Python packaging is good now. Django can have dependancies.
>
we don't want to rename DEP 8 (data collection) as well, then this should
probably be DEP 9.
Reza Shalbafzadeh
Nov 20, 2016, 8:59:28 AM11/20/16
to Django developers (Contributions to Django itself)
Hi
Another thing to consider is license of those dependencies
shall we accept dependencies with licenses like GPL v3 ?
best regards
Reza
Another thing to consider is license of those dependencies
shall we accept dependencies with licenses like GPL v3 ?
best regards
Reza
Reply all
Reply to author
Forward
0 new messages