Flexible Dependencies for Development

[egyptiankarim]

In addition to pinning dependencies in master, it might make sense to keep the develop branch nice and flexible, with the expectation that it might break.

I think it makes sense to retain the capability to build from "unpublished" source when necessary.

As a rule-of-thumb, maybe we also agree that the minimum version accepted by develop be the version we pin in master.

[jsf9k]

I think this is definitely better versioning than what we have been using, so I'm approving it. I'm still not sure if this is the optimal solution, though.

[konklone]

What does this add to the release process of a new PyPi version? Do the version numbers have to change each time? Will they stay constantly out of sync between develop and master?

[jsf9k]

@konklone, I think develop and master always being out of sync is a good point.

Better would be not to use the current version for each package, but instead figure out the minimum version that will work.

[konklone]

Better would be not to use the current version for each package, but instead figure out the minimum version that will work.

This is mostly the case now:

    install_requires=[
        'requests>=2.18.4',
        'sslyze>=1.4.1',
        'wget>=3.2',
        'docopt',
        'pytablereader',
        'pytablewriter',
        'publicsuffix',
        'pyopenssl>=17.2.0'
    ],

Should we identify good minimum versions for the remaining 4 requirements and call it a day?

[egyptiankarim]

Should we identify good minimum versions for the remaining 4 requirements and call it a day?

I think that's the crux of this PR's principal commit 327ca18.

[IanLee1521]

LGTM, needs a minor fix up of a conflict in setup.py