From aa270b37a23d83b812b444cfae52f64e95e4a9dd Mon Sep 17 00:00:00 2001 From: alexzorin Date: Fri, 12 May 2023 07:52:02 +1000 Subject: [PATCH] docs: add "Choosing dependency versions" to contributing.rst (#9681) * docs: add "Choosing dependency versions" to contributing.rst * change a word --- certbot/docs/contributing.rst | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/certbot/docs/contributing.rst b/certbot/docs/contributing.rst index 6459fd68e..296ccf2fb 100644 --- a/certbot/docs/contributing.rst +++ b/certbot/docs/contributing.rst @@ -621,3 +621,29 @@ https://python-poetry.org/docs/dependency-specification/. If you want to learn more about the design used here, see ``tools/pinning/DESIGN.md`` in the Certbot repo. + +Choosing dependency versions +---------------------------- + +A number of Unix distributions create third-party Certbot packages for their users. +Where feasible, the Certbot project tries to manage its dependencies in a way that +does not create avoidable work for packagers. + +Avoiding adding new dependencies is a good way to help with this. + +When adding new or upgrading existing Python dependencies, Certbot developers should +pay attention to which distributions are actively packaging Certbot. In particular: + +- EPEL (used by RHEL/CentOS/Fedora) updates Certbot regularly. At the time of writing, + EPEL9 is the release of EPEL where Certbot is being updated, but check the `EPEL + home page `_ and `pkgs.org + `_ for the latest release. +- Debian and Ubuntu only package Certbot when making new releases of their distros. + Checking the available version of dependencies in Debian "sid" and "unstable" can help + to identify dependencies that are likely to be available in the next stable release of + these distros. + +If a dependency is already packaged in these distros and is acceptable for use in Certbot, +the oldest packaged version of that dependency should be chosen and set as the minimum +version in ``setup.py``. +