From 20dbfb2e54bb5e714ee3f7d7a4b0be928a2536c8 Mon Sep 17 00:00:00 2001 From: Hpar Date: Fri, 24 Jan 2025 11:12:44 +0100 Subject: [PATCH] Update CONTRIBUTING.rst Add some notes about pinning python dependencies. Taken from sbidoul : https://github.com/OCA/queue/pull/530#issuecomment-1755968900 --- website/Contribution/CONTRIBUTING.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/website/Contribution/CONTRIBUTING.rst b/website/Contribution/CONTRIBUTING.rst index 7c4e683..5bdc763 100644 --- a/website/Contribution/CONTRIBUTING.rst +++ b/website/Contribution/CONTRIBUTING.rst @@ -279,6 +279,17 @@ the `external_dependencies` section to `__manifest__.py`. 'installable': True, } +Regarding python package pinning, it is a responsibility of the integrator delivering the end-project. + +* a module should never place exact pins on their dependencies (whether they are also Odoo dependencies or not); +* a module may require a lower bound (e.g. external_dependency_python>1.4) if they depend on recent features of a library (but not higher than necessary); +* a module may exceptionally place an upper bound if they know they are incompatible with recent versions of a library AND it is not feasible to fix the compatibility issue. + +If too strict bounds or pinning is done in module, then integrators quickly land in dependency hell with unresolvable depency conflicts. + +Note that versions in Odoo's requirement.txt are a recommendation (known good versions used in some Debian and/or Ubuntu versions), but Odoo may work well with more recent versions of many libraries, and it frequently happens that one needs to use more recent versions of the Odoo requirements to be compatible with other modern libraries. + + An entry in `bin` needs to be in `PATH`, check by running `which external_dependency_binary_N`.