You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "potiuk (via GitHub)" <gi...@apache.org> on 2023/02/02 00:11:50 UTC

[GitHub] [airflow] potiuk commented on pull request #29285: Constrain Paramiko version to prevent auth SFTP issues

potiuk commented on PR #29285:
URL: https://github.com/apache/airflow/pull/29285#issuecomment-1412937420

   We do not change constraints in constraint branches. They are generated automatically from https://github.com/apache/airflow/blob/main/airflow/providers/ssh/provider.yaml - and if you want to limit the next release of providers, then you should be adding appropriate limits there. 
   
   But since you seem to be upper-binding it, you need to explain why - why 2.8.1, what should be remove to fix it and why this is is a problem from everyone affected. 
   
   if this is not a critical problem affecting a lot of users (it does not seem so) and not affecting a lot of people, there is no reason why such big "downgrade" should be needed. First of all - why 2.8.1 rather than 2.9.0 for example or 2.11.0 for example ? By looking here https://pypi.org/project/paramiko/#history - there were 15 releases since 2.8.1 so there is no way we would accept such downgrade without having a really good reason for it.
   
   If you think you should do such a change, you should make a PR changing provider.yaml and justify it explaining the actual "best" limit you can do with explanation on when the limit should be removed (see https://github.com/apache/airflow#approach-to-dependencies-of-airflow)
   
   > Whenever we upper-bound such a dependency, we should always comment why we are doing it - i.e. we should have a good reason why dependency is upper-bound. And we should also mention what is the condition to remove the binding.
   
   And BTW. By the nature of constraints - if your particular problem is exhibited even in version from the constraints, then you are free to downgrade this particular dependency. You can even install airflow with constraints first and follow it with `pip install dependency==X.Y.Z. This is perfectly valid and correct use case - especially in the case where the problem you experience is specific for you.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org