We have been allowing developers to list as many or as few direct dependencies as they wish in the ups file of a package, as long as the chain of dependencies includes everything needed. I propose that we recommend that every package list all direct dependencies in the ups file because:
- It is more robust against changes in dependent packages. If package A depends on B and C, and B depends on C, then it is sufficient for A to only list B as a dependency. But if B is later changed to not rely on C then this breaks A in a way that is surprising.
- It makes the dependencies of the package explicit to readers of the code.
- It reduces the need to understand the dependency tree of dependent packages.
This is clearly a contentious issue so I am directly assigning it to K-T