PEP 665: address feedback (#2134)

- Clarify some things.
- Remove the format requirement for `created-at`.
- List the current tools which have said they support the PEP.
Brett Cannon 2021-11-05 16:08:49 -07:00 committed by GitHub
parent 026d74bde7
commit 4b865b95a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 33 additions and 18 deletions

@ -32,12 +32,13 @@ Terminology
There are several terms whose definition must be agreed upon in order
to facilitate a discussion on the topic of this PEP.
A *package* is something you install as a dependency and use via an
``import`` statement. The packages on PyPI are an example of this.
A *package* is something you install as a dependency and use via the
import system. The packages on PyPI are an example of this.
An *application* or *app* is an end product that other bits of code do
not directly rely on and are not imported. Desktop applications,
command-line tools, etc. are examples.
An *application* or *app* is an end product that other external code
does not directly rely on via the import system (i.e. they are
standalone). Desktop applications, command-line tools, etc. are
examples.
A *lock file* records the packages that are to be installed for an
app. Traditionally, the exact version of the package to be installed
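Review bot: In the new definition of *application*, the parenthetical "(i.e. they are standalone)" switches to the plural while the subject is singular ("An *application* or *app* is an end product"); suggest "(i.e. it is standalone)". "other external code" is also redundant, since "other code" or "external code" alone says the same thing.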
@ -61,9 +62,10 @@ Motivation
==========
Applications want reproducible installs for a few reasons (we are not
worrying about package development in this use case, as you actually
want your installation requirements to be as *flexible* as possible in
that situation).
worrying about package development, integration into larger systems
that would handle locking dependencies external to the Python
application, or other situations where *flexible* installation
requirements are desired over strict, reproducible installations).
One, reproducibility eases development. When you and your fellow
developers all end up with the same files on a specific platform, you
@ -245,14 +247,14 @@ thanks to its adoption by PEP 518 for ``pyproject.toml``, but also
assists in making lock files more human-readable.
Lock files MUST end their file names with ``.pylock.toml``. The
``.toml`` part unambiguous distinguishes the format of the file, and
helps tools like code editors support the file appropriately. The
``.toml`` part unambiguously distinguishes the format of the file,
and helps tools like code editors support the file appropriately. The
``.pylock`` part distinguishes the file from other TOML files the user
has, to make logic easier for tools to create functionalities specific
to Python lock files, instead of TOML files in general.
The following sections are the top-level keys of the TOML file data format.
Any field not listed as required is considered optional.
The following sections are the top-level keys of the TOML file data
format. Any field not listed as required is considered optional.
``version``
@ -284,12 +286,9 @@ but the lock file specifies ``"2.0"``).
This field is **required**.
The timestamp for when the lock file was generated. It MUST be
recorded using the UTC time zone. For ease of use with the
``datetime.datetime.fromisoformat()`` method, the format MUST specify
the timestamp as ``YYYY-MM-DDTHH:MM[:SS[.ffffff]]+00:00`` (i.e.
using the ``T`` separator and ``+00:00`` to denote UTC; seconds are
optional).
The timestamp for when the lock file was generated (using TOML's
native timestamp type). It MUST be recorded using the UTC time zone to
avoid ambiguity.
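Review bot: "TOML's native timestamp type" in the new ``created-at`` text is ambiguous, because TOML defines four date/time types (offset date-time, local date-time, local date, local time) and only an offset date-time carries the zone information needed to check "MUST be recorded using the UTC time zone". Suggest naming the offset date-time type explicitly and stating whether both ``Z`` and ``+00:00`` are acceptable, since the removed text pinned ``+00:00`` and tools that validate or compare this field will otherwise disagree on what to reject.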
@ -538,6 +537,21 @@ The expected algorithm for resolving what to install is:
What constitues the "best-fitting wheel file" is an open issue.
========================
(Potential) Tool Support
========================
The pip_ team has `said <https://github.com/pypa/pip/issues/10636>`__
they are interested in supporting this PEP if accepted. The current
proposal for pip may even
`supplant the need <https://github.com/jazzband/pip-tools/issues/1526#issuecomment-961883367>`__
for `pip-tools`_.
PDM_ has also said they would
`support the PEP <https://github.com/pdm-project/pdm/issues/718>`__
if accepted.
=======================
Backwards Compatibility
=======================
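Review bot: The sentence "The current proposal for pip may even supplant the need for pip-tools" in the new section does not say whose assessment this is, and its link points to a comment on a pip-tools issue rather than to a pip decision; suggest attributing it ("according to the pip-tools maintainers' discussion") or softening it so the PEP does not appear to speak for either project. The unchanged context line just above the new heading still reads "What constitues"; worth correcting to "constitutes" while this area is being edited.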
@ -843,6 +857,7 @@ CC0-1.0-Universal license, whichever is more permissive.
.. _JSON: https://www.json.org/
.. _npm: https://www.npmjs.com/
.. _PDM: https://pypi.org/project/pdm/
.. _pip: https://pip.pypa.io/
.. _pip-tools: https://pypi.org/project/pip-tools/
.. _Pipenv: https://pypi.org/project/pipenv/
.. _platform compatibility tags: https://packaging.python.org/specifications/platform-compatibility-tags/
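Review bot: The hunk header shows a single line added to the link targets, while the new "(Potential) Tool Support" section uses three named references (``pip_``, ``PDM_`` and ```pip-tools`_``). Please confirm the other two targets already existed before this change; a missing one makes the reST build fail with an unknown target name.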