PEP 665: address feedback #2134

Merged
merged 3 commits into from
Nov 5, 2021
51 changes: 33 additions & 18 deletions pep-0665.rst
Expand Up @@ -32,12 +32,13 @@ Terminology
There are several terms whose definition must be agreed upon in order
to facilitate a discussion on the topic of this PEP.

A *package* is something you install as a dependency and use via an
``import`` statement. The packages on PyPI are an example of this.
A *package* is something you install as a dependency and use via the
import system. The packages on PyPI are an example of this.

An *application* or *app* is an end product that other bits of code do
not directly rely on and are not imported. Desktop applications,
command-line tools, etc. are examples.
An *application* or *app* is an end product that other external code
does not directly rely on via the import system (i.e. they are
standalone). Desktop applications, command-line tools, etc. are
examples.

A *lock file* records the packages that are to be installed for an
app. Traditionally, the exact version of the package to be installed
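
Review bot: In the rewritten *application* definition, the parenthetical "(i.e. they are standalone)" does not agree in number with its subject ("An application ... is an end product"), and "other external code" leaves "external" undefined. Suggest "(i.e. it is standalone)" and either dropping "external" or saying what it is external to, since this paragraph is the definition the rest of the PEP leans on.
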
Expand All @@ -61,9 +62,10 @@ Motivation
==========

Applications want reproducible installs for a few reasons (we are not
worrying about package development in this use case, as you actually
want your installation requirements to be as *flexible* as possible in
that situation).
worrying about package development, integration into larger systems
that would handle locking dependencies external to the Python
application, or other situations where *flexible* installation
requirements are desired over strict, reproducible installations).

One, reproducibility eases development. When you and your fellow
developers all end up with the same files on a specific platform, you
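
Review bot: The scope exclusions in the opening parenthetical of Motivation now run to three items and four lines inside the sentence that is supposed to introduce the reasons, and the middle item is ambiguous: in "larger systems that would handle locking dependencies external to the Python application" it is unclear whether "external to" describes the locking or the dependencies. Suggest moving the exclusions into their own sentence after the lead-in and rewording the middle item, for example "systems that lock dependencies outside of the Python application".
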
Expand Down Expand Up @@ -245,14 +247,14 @@ thanks to its adoption by PEP 518 for ``pyproject.toml``, but also
assists in making lock files more human-readable.

Lock files MUST end their file names with ``.pylock.toml``. The
``.toml`` part unambiguous distinguishes the format of the file, and
helps tools like code editors support the file appropriately. The
``.toml`` part unambiguously distinguishes the format of the file,
and helps tools like code editors support the file appropriately. The
``.pylock`` part distinguishes the file from other TOML files the user
has, to make logic easier for tools to create functionalities specific
to Python lock files, instead of TOML files in general.

The following sections are the top-level keys of the TOML file data format.
Any field not listed as required is considered optional.
The following sections are the top-level keys of the TOML file data
format. Any field not listed as required is considered optional.


``version``
Expand Down Expand Up @@ -284,12 +286,9 @@ but the lock file specifies ``"2.0"``).

This field is **required**.

The timestamp for when the lock file was generated. It MUST be
recorded using the UTC time zone. For ease of use with the
``datetime.datetime.fromisoformat()`` method, the format MUST specify
the timestamp as ``YYYY-MM-DDTHH:MM[:SS[.ffffff]]+00:00`` (i.e.
using the ``T`` separator and ``+00:00`` to denote UTC; seconds are
optional).
The timestamp for when the lock file was generated (using TOML's
native timestamp type). It MUST be recorded using the UTC time zone to
avoid ambiguity.



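Review bot: "TOML's native timestamp type" in the new timestamp paragraph is underspecified, because TOML defines four date and time types (offset date-time, local date-time, local date, local time) and only an offset date-time can carry the UTC requirement stated in the next sentence. Suggest naming the offset date-time type explicitly, and stating what a tool reading the file must do when it finds a local date-time or a non-zero offset, so that lockers and installers do not diverge on what they accept now that the explicit ``+00:00`` format string has been removed.
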
Expand Down Expand Up @@ -538,6 +537,21 @@ The expected algorithm for resolving what to install is:
What constitues the "best-fitting wheel file" is an open issue.


========================
(Potential) Tool Support
========================

The pip_ team has `said <https://github.com/pypa/pip/issues/10636>`__
they are interested in supporting this PEP if accepted. The current
proposal for pip may even
`supplant the need <https://github.com/jazzband/pip-tools/issues/1526#issuecomment-961883367>`__
for `pip-tools`_.

PDM_ has also said they would
`support the PEP <https://github.com/pdm-project/pdm/issues/718>`__
if accepted.


=======================
Backwards Compatibility
=======================
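
Review bot: In the new "(Potential) Tool Support" section, "The current proposal for pip" does not say which proposal is meant, and the "supplant the need" link points at a pip-tools issue comment rather than at a pip proposal, so a reader cannot tell what is being cited as the source of the claim. Suggest naming the proposal or linking it directly, and attributing the pip-tools remark to where it was made. Separately, the context line just above this section still reads "constitues"; it could be fixed in the same change.
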
Expand Down Expand Up @@ -843,6 +857,7 @@ CC0-1.0-Universal license, whichever is more permissive.
.. _JSON: https://www.json.org/
.. _npm: https://www.npmjs.com/
.. _PDM: https://pypi.org/project/pdm/
.. _pip: https://pip.pypa.io/
.. _pip-tools: https://pypi.org/project/pip-tools/
.. _Pipenv: https://pypi.org/project/pipenv/
.. _platform compatibility tags: https://packaging.python.org/specifications/platform-compatibility-tags/