This is mentioned during an exchange on Twitter with @brettcannon (which later spun into the Big Picture thread). I figure I should probably open a dedicated thread about this so more people know about it, and to summarise my ideas.
Python recently saw the emergence of several project management tools that deal with dependency management as part of their features. The most known are Pipenv, Poetry. These tools operate around the idea of a lock file that can be used to replicate dependencies across environments, and provide tools for the user to easily update/generate it.
The problem is that each tool has different ideas regarding the lock file format. These independently-created lock files are similar in nature, but different in structure and format, and creates a sort of vendor lock-in.
Given that lock files generated from tools contain more or less the same information, it is possible to create a universal lock file structure, so lock files generated by any tool can be used to bootstrap an environment with others, including pip.
- Requirement installation via pip can be manifested via a Requirement File format (aka requirements.txt), but it is not enough.
- It should be able to group requirements into different optional sections, similar to
- The file is expected to be machine-generated, but possible for user to manually inspect and modify.
- The structure should represent a directed
acyclicgraph. (why cycles are allowed)