Some thoughts from a poetry guy. (Opinions of other poetry folks may differ.)
tldr: I’m a little torn and can’t give a clear yes or no to the mapping file.
I think the PEP is very useful for pip, but it is not yet clear to me how we will implement it in poetry.
Maybe, it’s only nitpicking and not relevant but in case it helps understanding the following remarks, I want to make clear that the PEP or the mapping file is only relevant for poetry’s dependency resolution mechanism (i.e. locking) but not for poetry’s installer because resolved packages are locked with sources so that the installer has no choice anymore.
The PEP mentions that the order of repositories was never meaningful to pip. However, it has always been meaningful to poetry. Thus, it is more difficult for poetry to give up this stance.
If I understand correctly, the PEP requires to look up all repositories for a given dependency (which makes sense if repositories are not ordered anyway) but is more controversial if repositories are ordered. At the moment, even though repositories are ordered, poetry looks up all repositories, too. However, that’s a performance issue for many users. Thus, a common wish is that a dependency should not be looked up in subsequent repositories if it is found in a previous one. Currently, we are planning to implement this feature: Replace the `secondary` source type with more granular types · Issue #6713 · python-poetry/poetry · GitHub
The PEP also mentions that order is difficult when considering multiple locations. That might be one reason why repositories have to be defined in the pyproject.toml for poetry. Another reason is that the source of each chosen package is written to the lock file and the only input for the lock file is the pyproject.toml. If we would define repositories in another file, the pyproject.toml is not self-contained anymore.
In my opinion, the mentioned mapping file poses the same issue to poetry. Poetry already supports defining an explicit source for a dependency. However, that’s defined in the pyproject.toml.
There are no wildcards like in the proposed mapping file, you can only define explicit sources for specific dependencies. However, a typical use case that might not be covered by the mapping file - I did not read the whole thread so forgive me if it is - is defining different sources for different versions of a package. E.g. (in poetry syntax):
somelib = [
{ version = "1.2", markers = "sys_platform != 'linux'", source = "PyPI" },
{ version = "1.2+local", markers = "sys_platform == 'linux'", source = "myPrivateRepo" },
]
I do not want to hide the fact that some poetry users wish to define repositories globally (or overwrite repository URLs), but that’s something we haven’t yet taken into consideration. I could imagine that we might allow a mapping file that does not define repositories but only which repository is preferred for which dependency, preserving the option to define a specific source in the pyproject.toml (and thus overwriting the mapping file) and falling back to the ordered repositories if there is no entry in the mapping file. However, that may result in different solutions with and without the mapping file, which could cause confusion…