14
submitted 3 months ago by obbeel@lemmy.eco.br to c/opensource@lemmy.ml

Today I had to downgrade fastapi from 0.114.0 to 0.112.4 to make a piece of software work. And it just hit me - what if pip didn't support 0.112.4 anymore? We would lose a good piece of software just because of that.

Of course, we can "freeze" the packages into an executable that will run for as long as the OS supports it. Which is a lot longer. But the executable is closed source. We can't see the code that is run from an executable.

Therefore, there is a need for an alternative in which we still have access to the packages even after the program is built. That would make it safely unnecessary for pip to store all versions of all packages forevermore.

Any ideas?

[-] CameronDev@programming.dev 39 points 3 months ago

If it's an open source project, the answer is to rebuild from the tagged source.

Eg: https://github.com/fastapi/fastapi/tree/0.112.4

With the right repo setup, you can pip install git+https://github.com/fastapi/fastapi.git@0.112.4 (example only, not sure it works), so pypi doesn't need to keep all previous wheels, it's just easier for it to do so.
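
An added example, not part of the comment above: a git tag can be re-pointed by whoever controls the repository, so a rebuild from source is only reproducible when the requirement is pinned to the commit the tag resolved to. The function names `resolve_tag` and `pinned_requirement` are hypothetical helpers written for this illustration.

```shell
#!/bin/sh
# Added example: resolve a release tag to the commit it points at, then emit
# a pip requirement pinned to that commit instead of the movable tag name.

# resolve_tag REPO TAG -> prints the 40-hex commit id, or fails.
resolve_tag() {
    repo=$1 tag=$2
    # Ask for the tag ref and its peeled form. An annotated tag has its own
    # object id; the "^{}" line carries the commit that tag points at.
    refs=$(git ls-remote --tags "$repo" "refs/tags/$tag" "refs/tags/$tag^{}") || return 1
    sha=$(printf '%s\n' "$refs" | awk -v t="refs/tags/$tag" '
        $2 == t "^{}" { peeled = $1 }
        $2 == t       { plain = $1 }
        END { if (peeled) print peeled; else if (plain) print plain }')
    # Refuse an empty result or anything that is not a full SHA-1 object id.
    case $sha in
        *[!0-9a-f]*|'') echo "tag '$tag' not found in $repo" >&2; return 1 ;;
    esac
    [ "${#sha}" -eq 40 ] || return 1
    printf '%s\n' "$sha"
}

# pinned_requirement NAME REPO TAG -> "NAME @ git+REPO@<commit>"
pinned_requirement() {
    sha=$(resolve_tag "$2" "$3") || return 1
    printf '%s @ git+%s@%s\n' "$1" "$2" "$sha"
}

# Usage (needs network access); the output line goes into requirements.txt:
#   pinned_requirement fastapi https://github.com/fastapi/fastapi.git 0.112.4
```

If the tag is later moved, re-running `resolve_tag` yields a different commit id than the one recorded, which is the signal to review what changed before rebuilding.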

this post was submitted on 07 Sep 2024
14 points (73.3% liked)
