This is a message to all plugin writers.
At the moment, we are experiencing issues with the CI because of the recent upgrade of the pytest package. Pinning the pytest dependency with “<8” should resolve the following error:
PermissionError: [Errno 13] Permission denied: '/lost+found/**init**.py'
We recommend all plugin writers to adopt the said change in their respective repositories, like so: Pinning pytest<8 for unit/functional tests. · pulp/pulp_rpm@07ddb43 · GitHub.
For the lazy among us, and to find even the latest release branch out there, we intend to add a migration routine for this to the plugin template.
This recent breakage reinforced for us, why the Pulp team decided to require upper- and lower-bounds on all requirements. If we’d enforced that on test_requirements.txt, we wouldn’t have come in on a Monday to find All The Things were broken in our CI 
Part of the response to this instance included discussing whether we should be more restrictive - by using, say, pip-compile or a related tool to always specify the exact versions we’re using/testing against. The problem that arises with that, is it means that the Pulp team would need to cut a new release any time any dependency released a bug fix, for any reason. This puts us between “our users” and “reasonable security fixes”, for example, in a way that doesn’t feel…appropriate.
The consensus of the discussion can be summed up as “requiring upper- and lower- bounds the way we do is certainly imperfect, but it’s a reasonable compromise between ‘unexpected breakage’ and ‘allow for bugfixes’”. We will certainly be keeping an eye on how well that compromise is working, as Pulp moves forward.
Have an opinion? Let us know what you think!