Agreed. I’m not an expert here, but I know there are two distinct groups, and any lockfile-related proposal needs to address both of them to some extent:
- “Portable” lockfiles, that can be used on multiple systems (with similar-but-not-identical profiles) and will allow installers to pick the right wheel to install. This generally requires at least some level of intelligence in the lockfile consumer.
- “Reproducible” lockfiles, that specify exactly what will be installed, and what systems it will work on. These require minimal complexity in consumers - a common example of a non-installer consumer here is auditing, which won’t involve a resolver and may even be a manual process (someone reviewing the lockfile by hand).