In light of the recent threads and issues surrounding PyPI, openstack/requirements and version pinning, I'd like to discuss dependency management as it relates to OpenStack froma much higher vantage point. I think we need to go all the way back to use cases and requirements and set them out very clearly. Then, armed with that, we can assess various technology solutions for dealing with them both for CI and for people consume our software.