Learn more about these different git repos.
Other Git URLs
See also #5306.
The current requirements.txt restricts the pygit2 package version:
requirements.txt
pygit2
pygit2 >= 0.26.0, <=1.8.0
There are several problems with this:
1.13.3
pygit2-1.8.0
libgit2-1.3
pygit2==1.8.0
libgit2-devel
libgit2-1.7.1
It seems, from the documentation (again, see #5306) that there might be an assumption that pygit2 and libgit2 use the same versioning — IOW, the intention might be to restrict pygit2 to a version based on libgit2-1.8 or earlier.
libgit2-1.8
If so, that's not done correctly, as the pygit2 versions that use libgit2-1.7.1 are currently pygit2==1.13.0 through pygit2==1.13.3.
pygit2==1.13.0
pygit2==1.13.3
It looks like commit c937675 created this mess:
commit c9376756 Author: Dominik Wombacher <dominik@wombacher.cc> Date: 2023-01-18 17:57:28 +0100 build(requirements): pin python package versions Package version pinning in all requirements files introduced. Necessary for a stable and reproducible testing environment. Also to provide clear guidance about tested package versions. Maximum package versions defined based on common ground between: rpm - F34, F36, CentOS8 Stream, pip - F34, F36 and FreeBSD 13.1.
Unfortunately, done in such a heavy-handed manner, pinning versions (especially major versions) is a terrible idea fraught with problems. Chief among them: the assumption that the same older package versions can be used with any newer Python version. pygit2 handily proves why that's not the case. You'd need to pin a separate version of pygit2 for each supported Python version, for this to actually work.
(Besides, as the pip documentation explains, true repeatable installs require full == pinning, not <= pinning.)
==
<=
there might be an assumption that pygit2 and libgit2 use the same versioning — IOW, the intention might be to restrict pygit2 to a version based on libgit2-1.8 or earlier. If so, that's not done correctly, as the pygit2 versions that use libgit2-1.7.1 are currently pygit2==1.13.0 through pygit2==1.13.3.
there might be an assumption that pygit2 and libgit2 use the same versioning — IOW, the intention might be to restrict pygit2 to a version based on libgit2-1.8 or earlier.
(Based on the above commit, I was wrong about this. Though, #5306 shows that the documentation still makes that assumption.)
This is essentially part of #5376.
Metadata Update from @ngompa: - Issue set to the milestone: 6.0 - Issue tagged with: debt
Metadata Update from @wombelix: - Issue assigned to wombelix
This issue will be fixed with https://pagure.io/pagure/pull-request/5463, to be reviewed and merged soon.
Metadata Update from @wombelix: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.