GitLab

Originally created by @zen on #17342 (Redmine)

We’re currently installing and enforcing versions of pip packages using puppet. If we want stricter control over the packages installed, we’d have to express the whole dependency chain and make sure that nothing else than the explicitelly expressed would be installed (i am not sure what’s the current situation regarding that).

@hefee, maybe we can adapt your scripts to generate the Puppet code for this? I think it’s unfeasible to maintain this in the long run without some automation.

Does someone have more background on the decision of installing each of the Python modules from their upstreams’ repositories instead of installing from the pip repository (u, intrigeri, @hefee)? And about the current measures taken to avoid installation of dependencies from pip repo during a package installation?