I differential python library to "application". A library ends up typically on pypi to be used by another application. One should never do a pip install thislibrary in production. Should comes from a pip install thisapplication that consequently install other apps and libraries.
For me, application should indeed have frozen dependencies, to ensure perfect reproduction. But libraries deployed on pypi should better be using "range" for acceptable version. For exemple, if two libraries depends on frozen version of another lib (say 1.0 and 2.0), there will be a conflict. Libraries dependencies are better described with range (I know my lib will work with this dependencies from version 1.0 to 3.0, or require a version >1.1, and so on).
Is it possible to do this with the pipfile and how? It is possible to describe this subtility in the documentation? "How to handle dependencies of a library or an application" ?
kennethreitz
commented
7 years ago
Hello.
I differential python library to "application". A library ends up typically on pypi to be used by another application. One should never do a
pip install thislibraryin production. Should comes from apip install thisapplicationthat consequently install other apps and libraries.For me, application should indeed have frozen dependencies, to ensure perfect reproduction. But libraries deployed on pypi should better be using "range" for acceptable version. For exemple, if two libraries depends on frozen version of another lib (say
1.0and2.0), there will be a conflict. Libraries dependencies are better described with range (I know my lib will work with this dependencies from version1.0to3.0, or require a version>1.1, and so on).Is it possible to do this with the pipfile and how? It is possible to describe this subtility in the documentation? "How to handle dependencies of a library or an application" ?
Thanks