Are you wedded to having pylock at the start of the filename? Having *.pylock.toml makes more sense in terms of hierarchy (more specific first), and puts the lock’s purpose at the start. I couldn’t find any discussion on the change from PEP 665 in the last topic.
Also, this change better supports an idea of a default lock-file pylock.toml, where the purpose isn’t named.
Are installers free to pull from an index not specified in this list? PEP 665 seems to suggest this.
Even if the answer is no, this is still effectively impossible to enforce by installers due to proxies and routing configuration.
Does that allow PEP 517 prepare_metadata_for_build_wheel?
The actual build requirements would come from PEP 517 hook get_requires_for_build_wheel (backends may inject their own after reading pyproject.toml).
Any support for non-Git VCS? Version specifiers support arbitrary VCS.
To be the same as pyproject.toml, this would be a table, not an array of tables:
[tool.foo]
bar = 42
[tool.spam]
eggs = "beans"