psf / fundable-packaging-improvements

Packaging improvements that could be funded

Implement a lockfile format #31

Open xmunoz opened 3 years ago

xmunoz commented 3 years ago

pip currently uses requirements.txt to specify dependencies; it can specify versions of packages but not hashes. The newer Pipfile format can include hashes, which some users prefer. But pip doesn't yet support Pipfile, so many users are blocked from using hashes to better secure their Python runtimes. We have made some progress toward standardizing an interoperable lockfile format, but we need to finish that design standardization and consensus-gathering work and implement it in pip, pipenv, and related tools. We'd need Python engineering work and project management to develop and deploy this.

Related: PEP 650 -- Specifying Installer Requirements for Python Projects
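Whatever format the standardized lockfile ends up using, the security property it has to deliver is the same one pip's existing hash-checking mode gives for `--hash=sha256:<hex>` options on a pinned requirement line: an installer must refuse any artifact whose digest is not on the lock's allow-list. The script below is an added example, not code from this thread, from pip, or from any PEP. It writes hash-pinned lines in pip's `--hash` syntax for two constructed artifacts, parses them back, and verifies install candidates, rejecting a tampered copy and a package the lock never mentions. The package name `pretend`, the artifact bytes, and the helper names are all made up for illustration.

```python
"""Lock-then-verify round trip for hash-pinned requirements (added example).

Uses pip's real `name==version --hash=sha256:<hex>` syntax as the carrier.
The artifacts below are constructed byte strings, not real distributions.
"""
import hashlib
import hmac
import re

# "<name>==<version> --hash=<algo>:<hex> [--hash=<algo>:<hex> ...]"
_PIN = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9_.\-]*)==(?P<version>\S+)(?P<rest>.*)$")
_HASH = re.compile(r"--hash=(?P<algo>[a-z0-9]+):(?P<hex>[0-9a-fA-F]+)")


def lock_line(name, version, artifacts, algo="sha256"):
    """Produce one hash-pinned line listing every artifact (e.g. sdist and
    each wheel) the lock should accept for this release."""
    hashes = " ".join(f"--hash={algo}:{hashlib.new(algo, a).hexdigest()}" for a in artifacts)
    return f"{name}=={version} {hashes}"


def parse_pins(text):
    """Return {normalized name: (version, {(algo, hexdigest), ...})}.
    Backslash-continued lines are joined first, as pip does."""
    pins = {}
    for line in re.sub(r"\\\r?\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _PIN.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        hashes = {(h["algo"], h["hex"].lower()) for h in _HASH.finditer(m["rest"])}
        if not hashes:
            # Hash checking is all-or-nothing: one unhashed pin fails the whole lock.
            raise ValueError(f"{m['name']} is pinned without any --hash")
        pins[m["name"].lower().replace("_", "-")] = (m["version"], hashes)
    return pins


def verify_artifact(pins, name, data):
    """True only if data's digest is on the allow-list recorded for name."""
    entry = pins.get(name.lower().replace("_", "-"))
    if entry is None:
        return False  # not in the lock at all: never install it
    _version, hashes = entry
    for algo, expected in hashes:
        try:
            actual = hashlib.new(algo, data).hexdigest()
        except ValueError:
            continue  # digest algorithm unknown to this Python build
        if hmac.compare_digest(actual, expected):
            return True
    return False


# Constructed sample "artifacts" (not real distributions).
WHEEL = b"PK\x03\x04 pretend-1.2.0-py3-none-any.whl contents"
SDIST = b"\x1f\x8b pretend-1.2.0.tar.gz contents"
TAMPERED = WHEEL + b"\x00"  # one byte appended, e.g. by a hostile mirror

LOCK = lock_line("Pretend", "1.2.0", [WHEEL, SDIST]) + "\n"
PINS = parse_pins(LOCK)


def demo():
    """(good wheel ok, good sdist ok, tampered wheel rejected, unknown package rejected)"""
    return (
        verify_artifact(PINS, "pretend", WHEEL),
        verify_artifact(PINS, "pretend", SDIST),
        verify_artifact(PINS, "pretend", TAMPERED),
        verify_artifact(PINS, "other", WHEEL),
    )


if __name__ == "__main__":
    print(LOCK)
    print(demo())
```

The point the thread is circling is the gap this script leaves open: a hash pins a specific file, so a lock that only records wheel digests cannot accept a source distribution built later on another machine, which is why a format that "also caters to source distributions" is the stated follow-up work.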

pradyunsg commented 2 years ago

This has been picked up by volunteers, who've worked on this since Feb 2021 -- PEP 665 and https://discuss.python.org/t/11736/ is the current effort.

di commented 2 years ago

I think the "and implement" part still might require funding here?

xmunoz commented 2 years ago

Ok, I'll re-open and update the title.

AkechiShiro commented 9 months ago

What is left to do here? @xmunoz @pradyunsg PEP 665 has been rejected, is there any new follow-up PEP? Is the design for the lockfile standardized? Can work on the support for pip start?

pradyunsg commented 8 months ago

> What is left to do here?

A follow-up PEP, specifying a lock file format that also caters to source distributions (since that has been requested).

> PEP 665 has been rejected, is there any new follow-up PEP?

Not at this time, no.

> Is the design for the lockfile standardized?

Not at this time, no.

> Can work on the support for pip start?

Not at this time, no.