PEP 665: add some open issues
This commit is contained in:
parent
8d32878e36
commit
2147ddc995
57
pep-0665.rst
57
pep-0665.rst
|
@ -937,6 +937,7 @@ would provide enough flexibility for things such as other version
|
|||
control systems, innovative container formats, etc. to be officially
|
||||
usable in a lock file.
|
||||
|
||||
|
||||
-----------------------------------------------
|
||||
Support Variable Expansion in the ``url`` field
|
||||
-----------------------------------------------
|
||||
|
@ -949,6 +950,62 @@ Environment variables could be supported to avoid hardcoding things
|
|||
such as user credentials for Git.
|
||||
|
||||
|
||||
---------------------------------------------------------------
|
||||
Don't Require Lock Files Be in a ``pyproject-lock.d`` directory
|
||||
---------------------------------------------------------------
|
||||
|
||||
It has been suggested that since installers may very well allow users
|
||||
to specify the path to a lock file that having this PEP say that
|
||||
"MUST be kept in a directory named ``pyproject-lock.d``" is pointless
|
||||
as it is bound to be broken. As such, the suggestion is to change
|
||||
"MUST" to "SHOULD".
|
||||
|
||||
|
||||
---------------------------------------------------
|
||||
Record the Date of When the Lock File was Generated
|
||||
---------------------------------------------------
|
||||
|
||||
Since the modification date is not guaranteed to match when the lock
|
||||
file was generated, it has been suggested to record the date as part
|
||||
of the file's metadata. The question, though, is how useful is this
|
||||
information and can lockers that care put it into their ``[tool]``
|
||||
table instead of mandating it be set?
|
||||
|
||||
|
||||
--------------------------
|
||||
Locking Build Dependencies
|
||||
--------------------------
|
||||
|
||||
Thanks to PEP 518, source trees and sdists can specify what build
|
||||
tools must be installed in order to build a wheel (or sdist in the
|
||||
case of a source tree). It has been suggested that the lock file also
|
||||
record such packages so to increase how reproducible an installation
|
||||
can be.
|
||||
|
||||
There is nothing currently in this PEP, though, that prohibits a
|
||||
locker from recording build tools thanks to ``metadata.needs`` acting
|
||||
as the entry point for calculating what to install. There is also a
|
||||
cost in downloading all potential sdists and source trees, reading
|
||||
their ``pyproject.toml`` files, and then calculating their build
|
||||
dependencies for locking purposes for which not everyone will want to
|
||||
pay the cost for.
|
||||
|
||||
|
||||
--------------------------------------------------------------
|
||||
Recording the ``Requires-Dist`` Input to the Locker's Resolver
|
||||
--------------------------------------------------------------
|
||||
|
||||
While the ``needs`` key allows for recording dependency specifiers,
|
||||
this PEP does not currently require the ``needs`` key to record the
|
||||
**exact** ``Requires-Dist`` metadata that was used to calculate the
|
||||
lock file. It has been suggested that recording the inputs would help
|
||||
in auditing the outcome of the lock file.
|
||||
|
||||
If this were to be done, it would be an key named ``requested`` which
|
||||
lived along side ``needs`` and would only be specified if it would
|
||||
differ from what is specified in ``needs``.
|
||||
|
||||
|
||||
===============
|
||||
Acknowledgments
|
||||
===============
|
||||
|
|
Loading…
Reference in New Issue