Replies: 1 comment
-
|
@pacrob : This is a very thoughtful proposal, thank you for raising it! 👏 Completely agree - we don’t want to arbitrarily raise dependency lower bounds and cause friction for downstream users, but at the same time, we have a responsibility to ensure that the versions we claim to support are secure, modern, and actually tested in practice. The two concrete ideas you suggested strike a great balance between stability and progress: 1. Compatibility Policy 2. CI Testing of Minimum Versions Happy to see us move forward with both of these. The CI piece feels immediately actionable (and a clear win for reliability), while the compatibility policy can evolve as we draft it out and invite community input. Together, these changes will make our maintenance efforts stronger and more predictable. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
The question came up while reviewing #732. We don’t want to arbitrarily raise the lower bounds of our dependencies, since that can create dependency issues for users. But we should also ensure we’re using modern, secure versions that we’ve actually tested.
A couple of proposals:
Compatibility Policy
Review our dependencies and supported Python versions on a regular basis—at least annually. The review should consider security advisories, upstream Python version support, and other relevant changes. The policy should be in our docs for contributors and users.
CI Testing of Minimum Versions
Add a CI job that installs the lowest supported versions of each dependency and verifies that the test suite still passes.
Beta Was this translation helpful? Give feedback.
All reactions