by alexanderh 1432 days ago
This is what I came to the comment section to say... You absolutely can pin dependencies.... da fudge?

Sounds like this guy needs to finish learning Python before he learns something else.

From what you suggested, to containerizing things with something like Docker, there are ways to make Python more easily distributable.

What if the dependencies you pinned have non-pinned dependencies?

packageA==1.0.0 depends itself on packageB

Therefore, you can find yourself with a different set of deps. Had a bug like this once.

Pip freeze will pin explicit as well as transitive dependencies
It's a hassle to do this correctly and upgrade the dependencies. Use poetry.
pip freeze > requirements.txt
That only generates a lock file. When you want to upgrade some of your dependencies and recalculate the correct versions, it doesn't help.
How's that an issue? Here's an example of what happens: https://gist.github.com/robertlagrant/23489d8970ef6b49960307...
Someone else already responded. It's a one-line command.

I never could get poetry to work right; its configs are sort of messy. pip freeze > requirements is built in. The only thing it doesn't pin is the python version itself.

As explained elsewhere in this thread, the one line command only generates a lock file. This doesn't manage the dependencies so if you want to upgrade cool-lib and recalculate all the transient dependencies so they fit with the rest of your libraries, you cannot afaik.

Bad non-solutions being built in are a bad thing.

This is not actually true. :-) Pip will install transitive deps from a requirements file unless you add the “no deps” flag. Pip freeze doesn’t pin anything. It just dumps stuff into a text file. If it’s a complete list, it has the side effect of pinning, but that’s not guaranteed by pip freeze in any way.
You just pin the sub-dependency. This is builtin functionality for all the python environment managers.
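
The disagreement in this thread comes down to whether a requirements file lists every transitive dependency with an exact `==` pin. The following is an added example, not code from any commenter or from pip: it checks a requirements file against a dependency graph and reports what is left unpinned. The graph, `packageC`, the version numbers other than `1.0.0`, and the function names are constructed assumptions.

```python
import re

# Constructed dependency metadata (assumption): normalized name -> direct deps.
# In a real environment this comes from each distribution's Requires-Dist metadata.
SAMPLE_GRAPH = {
    "packagea": ["packageB"],
    "packageb": ["packageC"],
    "packagec": [],
}

# An exact pin is "name==version" with no wildcard; an environment marker may follow.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#*]+)\s*(?:;.*)?$")
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 name normalization, so Package_A and package-a compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return (pinned, loose): names with an exact == pin, and names without one."""
    pinned, loose = {}, set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip comments and pip options
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[normalize(m.group(1))] = m.group(2)
        else:
            n = NAME_RE.match(line)
            if n:
                loose.add(normalize(n.group(1)))
    return pinned, loose


def unpinned_closure(text, graph):
    """Names reachable from the file's entries that lack an exact pin."""
    pinned, loose = parse_requirements(text)
    missing, seen = set(loose), set()
    stack = list(pinned) + list(loose)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if name not in pinned:
            missing.add(name)
        stack.extend(normalize(d) for d in graph.get(name, []))
    return sorted(missing)
```

An empty result means every package the resolver could pull in is fixed to one version; any name returned can resolve differently on the next install.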