From ab861e3ec2b8073afb07998e946a3ba3833fb2c2 Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Fri, 5 Nov 2021 16:02:14 -0700 Subject: [PATCH 1/3] PEP 665: address feedback - Clarify some things. - Remove the format requirement for `created-at`. - List the current tools which have said they support the PEP. --- pep-0665.rst | 47 ++++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/pep-0665.rst b/pep-0665.rst index 658860f6798..25bde7ce4c3 100644 --- a/pep-0665.rst +++ b/pep-0665.rst @@ -32,12 +32,13 @@ Terminology There are several terms whose definition must be agreed upon in order to facilitate a discussion on the topic of this PEP. -A *package* is something you install as a dependency and use via an -``import`` statement. The packages on PyPI are an example of this. +A *package* is something you install as a dependency and use via the +import system. The packages on PyPI are an example of this. -An *application* or *app* is an end product that other bits of code do -not directly rely on and are not imported. Desktop applications, -command-line tools, etc. are examples. +An *application* or *app* is an end product that other external code +does not directly rely on via the import system (i.e. they are +standalone). Desktop applications, command-line tools, etc. are +examples. A *lock file* records the packages that are to be installed for an app. Traditionally, the exact version of the package to be installed 
@@ -61,9 +62,10 @@ Motivation ========== Applications want reproducible installs for a few reasons (we are not -worrying about package development in this use case, as you actually -want your installation requirements to be as *flexible* as possible in -that situation). +worrying about package development, integration into larger systems +that would handle locking dependencies external to the Python +application, or other situations where *flexible* installation +requirements are desired over strict, reproducible installations). One, reproducibility eases development. When you and your fellow developers all end up with the same files on a specific platform, you @@ -245,14 +247,14 @@ thanks to its adoption by PEP 518 for ``pyproject.toml``, but also assists in making lock files more human-readable. Lock files MUST end their file names with ``.pylock.toml``. The -``.toml`` part unambiguous distinguishes the format of the file, and -helps tools like code editors support the file appropriately. The +``.toml`` part unambiguously distinguishes the format of the file, +and helps tools like code editors support the file appropriately. The ``.pylock`` part distinguishes the file from other TOML files the user has, to make logic easier for tools to create functionalities specific to Python lock files, instead of TOML files in general. -The following sections are the top-level keys of the TOML file data format. -Any field not listed as required is considered optional. +The following sections are the top-level keys of the TOML file data +format. Any field not listed as required is considered optional. ``version`` 
@@ -285,11 +287,7 @@ but the lock file specifies ``"2.0"``). This field is **required**. The timestamp for when the lock file was generated. It MUST be -recorded using the UTC time zone. For ease of use with the -``datetime.datetime.fromisoformat()`` method, the format MUST specify -the timestamp as ``YYYY-MM-DDTHH:MM[:SS[.ffffff]]+00:00`` (i.e. -using the ``T`` separator and ``+00:00`` to denote UTC; seconds are -optional). +recorded using the UTC time zone to avoid ambiguity. @@ -538,6 +536,21 @@ The expected algorithm for resolving what to install is: What constitues the "best-fitting wheel file" is an open issue. +======================== +(Potential) Tool Support +======================== + +The pip_ team has `said `__ +they are interested in supporting this PEP if accepted. The current +proposal for pip may even +`supplant the need `__ +for `pip-tools`_. + +PDM_ has also said they would +`support the PEP `__ +if accepted. + + ======================= Backwards Compatibility ======================= From 437eeb4ec1c5fb6b8ff20e417313f79efa34f17e Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Fri, 5 Nov 2021 16:04:40 -0700 Subject: [PATCH 2/3] Add a directive for pip --- pep-0665.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/pep-0665.rst b/pep-0665.rst index 25bde7ce4c3..2651425f34d 100644 --- a/pep-0665.rst +++ b/pep-0665.rst @@ -856,6 +856,7 @@ CC0-1.0-Universal license, whichever is more permissive. .. _JSON: https://www.json.org/ .. _npm: https://www.npmjs.com/ .. _PDM: https://pypi.org/project/pdm/ +.. _pip: https://pip.pypa.io/ .. _pip-tools: https://pypi.org/project/pip-tools/ .. _Pipenv: https://pypi.org/project/pipenv/ .. _platform compatibility tags: https://packaging.python.org/specifications/platform-compatibility-tags/ From b66542fcb664ec5ab9124d52f4479fee8f32bf2c Mon Sep 17 00:00:00 2001 
From: Brett Cannon Date: Fri, 5 Nov 2021 16:06:58 -0700 Subject: [PATCH 3/3] Clarify the type of `created-at` --- pep-0665.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pep-0665.rst b/pep-0665.rst index 2651425f34d..0e269e5c3f5 100644 --- a/pep-0665.rst +++ b/pep-0665.rst @@ -286,8 +286,9 @@ but the lock file specifies ``"2.0"``). This field is **required**. -The timestamp for when the lock file was generated. It MUST be -recorded using the UTC time zone to avoid ambiguity. +The timestamp for when the lock file was generated (using TOML's +native timestamp type). It MUST be recorded using the UTC time zone to +avoid ambiguity.
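Review bot: the new parenthetical "(i.e. they are standalone)" in the *application* definition (PATCH 1/3, hunk @@ -32,12 +32,13, Terminology) disagrees in number with its singular subject, "An *application* or *app* is an end product". Suggest "(i.e. it is standalone)" so the definition reads as one sentence about one thing.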
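Review bot: the three anonymous hyperlink references added in the "(Potential) Tool Support" section (PATCH 1/3, hunk @@ -538,6 +536,21), "`said `__", "`supplant the need `__" and "`support the PEP `__", show no target in the text as it appears here. Each needs either an embedded URL inside the backquotes or a matching anonymous target, otherwise the reader cannot follow the statements of support the section relies on. The unchanged context line above the new section still reads "What constitues"; since this patch already fixes "unambiguous" to "unambiguously", the same cleanup could cover "constitutes".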
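Review bot: the ".. _pip: https://pip.pypa.io/" target added here (PATCH 2/3, hunk @@ -856,6 +856,7) is what the "pip_" reference introduced in PATCH 1/3 resolves against, so 1/3 applied on its own leaves that reference without a target. Suggest folding this one-line hunk into 1/3 so each commit in the series builds by itself.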
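Review bot: "TOML's native timestamp type" in the `created-at` text (PATCH 3/3, hunk @@ -286,8 +286,9) does not name a single type. TOML defines offset date-time, local date-time, local date and local time, and only an offset date-time can carry the UTC designation that the next sentence makes a MUST. Suggest naming the offset date-time type explicitly and saying what a tool should do with a value that has no offset, since PATCH 1/3 removed the earlier explicit format "YYYY-MM-DDTHH:MM[:SS[.ffffff]]+00:00" and nothing else in the visible text now constrains the value.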