Version pinning is bad for the ecosystem
- If there is a bug in a version and the bug is fixed in a newer version, the author of a downstream package can prevent an upstream fix from improving the situation for the user. This can result in duplicate reports, wasted time tracking things down, etc.
- If there is a bug in a new version, having an old pinned version will cause the bug to persist. The bug will statistically be caught later, because fewer people are doing effective testing on it.
Bugs are unfortunately sometimes found by users, especially the rare ones.
fixing this?
I should write a program that can detect unnecessary version pinning
- get a repo
- modify requirements to remove pinned versions
- install packages
- run tests
- record test results
- possibly uninstall?