by ak217 1964 days ago
OK, but it does manage the versions of transitive dependencies, and there's nothing in that process stopping deterministic builds.

Adding/removing top level dependencies over time does require the use of two files (the top level requirements and the frozen/locked requirements, which list everything). Or you can list the top level requirements in setup.py and let requirements.txt be the lockfile. It would be nice if pip managed this lockfile automatically, but I'm not really interested in adding any of these newer tools to my toolchain just to manage a lockfile.

There are many packaging and distribution frustrations in Python; I don't think pip's management of dependency lists is one of them.
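
The two-file workflow from the comment above can be checked mechanically; the following is an added example, not part of the original comment. It assumes plain `pip freeze`-style lines (no hashes, extras or URLs), and the package names and versions in the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not from the original comment).
TOP_LEVEL = """\
# direct dependencies only
requests>=2.20
PyYAML
"""

LOCKFILE = """\
certifi==2019.11.28
chardet==3.0.4
idna>=2.8
requests==2.22.0
urllib3==1.25.7
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 name normalization so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse(text):
    """Return {normalized_name: specifier_text} for each requirement line."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        m = _NAME.match(line)
        if m:
            # Keep only the version specifier; drop environment markers.
            reqs[normalize(m.group(1))] = line[m.end():].split(";", 1)[0].strip()
    return reqs

def audit(top_level_text, lock_text):
    """Check the lockfile pins every entry exactly and covers each top-level dep."""
    top, lock = parse(top_level_text), parse(lock_text)
    # An exact pin is '==<version>' with no wildcard and no extra clauses.
    unpinned = sorted(n for n, spec in lock.items()
                      if not re.fullmatch(r"==\s*[^\s*,]+", spec))
    missing = sorted(n for n in top if n not in lock)
    return {"unpinned": unpinned, "missing": missing}

if __name__ == "__main__":
    print(audit(TOP_LEVEL, LOCKFILE))
```

An entry in `unpinned` means the lockfile does not fix that version, so two installs can resolve differently; an entry in `missing` means a top-level requirement was added without regenerating the lockfile.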