Comments (4)
I always thought this was dumb, we should let people screw things up if they want
from passa.
One thing to consider (I think) is a package might be screwing the user. Say a package wants to make sure it’s installed by pip 10.0 or later. A package maintainer who doesn’t understand Python packaging well (gotta admit it’s difficult to do) might list `pip>=10.0` in `installs_require`. This would mean that the user would have `pip==18.0` in the lock file, and wouldn’t be able to upgrade to a later pip until the lock file is regenerated. But that’s a thing I’d want to avoid. (This is unfortunately a quite common problem in Python packaging; even big-name packages such as pytest tend to list setuptools in `installs_require` instead of `setup_requires` and PEP 518, because that has the best compatibility with old versions of pip.)
If the goal is to allow the user to screw things up, maybe the best approach is to drop setuptools and pip requirements, unless they are listed in Pipfile. This would be straightforward to do (I think)—just exclude them from the return value of `get_dependencies`. Requirements listed in Pipfile don’t go through that function, so they won’t be excluded, but other requirements do go through there, and will be prevented from messing with the user.
from passa.
FYI we may want to protect `wheel` also
from passa.
I don’t think wheel is strictly required to install packages; pip currently falls back to `setup.py install` if wheel is missing (and when build isolation is disabled). I want to keep the protected set as small as possible; we can always amend it if we need to, but if we protect it now, we may never be able to remove it in the future.
from passa.
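The exclusion discussed in the comments above, as an added example that is not passa's code: requirements a package declares on pip or setuptools are dropped before locking, while the same names listed in the Pipfile pass through untouched. The function names, the protected set as a constant, and the sample data are assumptions made for illustration; the list passed to `filter_protected` stands in for the return value of `get_dependencies`.

```python
import re

# Protected set from the thread: pip and setuptools only (wheel deliberately left out).
PROTECTED = frozenset({"pip", "setuptools"})

# Leading project name of a named requirement line (URL/VCS lines are out of scope).
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def canonical_name(requirement_line):
    """Return the PEP 503 normalized project name of a requirement line."""
    match = _NAME_RE.match(requirement_line)
    if match is None:
        raise ValueError("not a named requirement: %r" % requirement_line)
    return re.sub(r"[-_.]+", "-", match.group(1)).lower()


def filter_protected(dependency_lines):
    """Hypothetical post-processing of a get_dependencies()-style result:
    drop requirements on protected projects, keep everything else."""
    return [
        line for line in dependency_lines
        if canonical_name(line) not in PROTECTED
    ]


def requirements_to_lock(pipfile_lines, declared_by_package):
    """Pipfile lines bypass the filter; package-declared lines go through it."""
    lines = list(pipfile_lines)
    for package in sorted(declared_by_package):
        lines.extend(filter_protected(declared_by_package[package]))
    return lines


# Constructed sample data: the user pins setuptools in the Pipfile, and a
# package declares pip/setuptools as ordinary install-time dependencies.
SAMPLE_PIPFILE = ["example-app", "setuptools>=40.0"]
SAMPLE_DECLARED = {
    "example-app": ["PIP >= 10.0", "setuptools[certs]", "six>=1.10", "Setuptools_SCM"],
}

if __name__ == "__main__":
    for line in requirements_to_lock(SAMPLE_PIPFILE, SAMPLE_DECLARED):
        print(line)
```

Matching on the normalized name rather than the raw string is what keeps `Setuptools_SCM` in the result while `PIP >= 10.0` and `setuptools[certs]` are removed.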