undefined | Better HN

0 pointsploxiln11y ago0 comments

Just today I learned that a version of requests from August broke compatibility with a version of pip from February, which is packaged in ubuntu 14.04. (I was installing dependencies with apt and pip as root in a docker image.) (http://stackoverflow.com/questions/27341064/how-do-i-fix-imp...)

Meanwhile, openssl and bash, while getting security updates very recently, are in their very latest versions still compatible with programs from probably over 8 years ago.

0 comments

ayrx11y ago

"Meanwhile, openssl and bash, while getting security updates very recently, are in their very latest versions still compatible with programs from probably over 8 years ago."

You have obviously never worked with OpenSSL.

Also, the problems with `pip` is entirely due to Ubuntu not updating their dependencies properly. Upstream `pip` vendors their dependencies so that this precise situation does not occur.

ploxilnOP11y ago

That does make sense. Since pip is managed this way, Ubuntu should probably classify pip as "not system software, actually flaky web-app-dev software" and not package it.

j / k navigate · click thread line to collapse