Thanks Brett, here are my preferences for some topics:
- Drop recording the package version: I am also against it
- File size, and hashes: I strongly suggest that at least the hash be retained.
- File URL or file name: They are useful in different scenarios, with file URL recorded you can confidently reproduce the whole environment with the same package files(w/ hash validation). However, in some cases users may need to switch to a mirror index which provides exactly the same set of package files with the same file hashes. index url plus file name is just equal to file url and either one should be applied, not both.
- Restrict the
[tool]
table to data that is disposable: this is also acceptable to me(and PDM). - Recording dependencies and/or dependents: I support recording only dependencies, because that are easier to retrieve than dependents. And tools can build a graph using that information to get the reverse, as dependents.
- Recording extras and groups: I have an question, since extras and groups serve similar functions in a lock file, should we distinguish between extras and groups or merge them into a single field?