To help us drive towards completion on this PEP so we can request a pronouncement, here are the currently open issues.
This is being discussed in Supporting sdists and source trees in PEP 665 .
With my “Python extension for VS Code” hat on, while I can add support for installing from a lock file, how do I help update or generate one? Specifically, how do I know when someone adds a new dependency that they want recorded? Since there is not standardized input file for a lock file, I really don’t have a way to do that. And so while users ask me for a way to install a package into their environment, how do I do that and make sure they do the right thing and write down that installation as well?
So this open issue is asking whether there should be something about this in the PEP? For instance, should this PEP update PEP 621 to say you can have a [project] table with just dependencies and a lock file MAY/SHOULD/MUST be derived from that?
Platform compatibility tags - Python Packaging User Guide does not define what a “best-fitting wheel file” is. Unfortunately this is necessary if we are going to allow the lock file to create a dependency graph that doesn’t fully eliminate possibilities for a package down to a single option on any platform.
As such, I see three options:
- Force lockers to construct a dependency graph that leads to only a single wheel file on any resolution of the graph.
- Define what a “best-fitting wheel file” is.
- Having a required
rankkey which the locker uses to specify the assumption it had when generating the lock file as to what wheel file is expected to be used when multiple options are available.