111

Python now has a standard package lock file format – though winning full adoption will be a challenge (devclass.com)

submitted 3 days ago by cm0002@lemmy.world to c/python@programming.dev

14 comments fedilink hide all child comments

top 14 comments

sorted by: hot top controversial new old

[-] GreenKnight23@lemmy.world 7 points 1 day ago

congrats python, you're 20 years late...again...

python is the IE of programming languages

[-] cm0002@lemmy.world 2 points 1 day ago

Python EEE incoming!!!!

[-] Randelung@lemmy.world 2 points 1 day ago

How is this different from regular dependencies?

[-] TunaLobster@lemmy.world 1 points 1 day ago

Here I am still using requirements.txt and the built in venv. Sure poetry looks cool. I just don't have it everywhere. Now I just have to wait 5 years before I can reliably use a pylock.toml. Progress!

[-] taaz@biglemmowski.win 22 points 3 days ago* (last edited 3 days ago)

Oh finally.

The news on this is mixed. “All the tool authors have signaled they can and would implement the PEP as an export format,” said Cannon, but that does not mean they would adopt it as their sole lock file format. The creator of uv, Charlie Marsh, said that “today, the PEP 751-style pylock.toml files are not sufficient to replace uv.lock,” but that support will be added for export.

This sounds little better then "here is 13th standard" even though it's not feature full.

[-] holycrap@lemm.ee 12 points 3 days ago

https://xkcd.com/927/

[-] eager_eagle@lemmy.world 12 points 2 days ago* (last edited 2 days ago)

nah, the main reason we have 15 standards was the lack of an official one. This is good.

[-] logging_strict@programming.dev 2 points 2 days ago* (last edited 2 days ago)

Viva la package dependencies!

Does it do away with setuptools? After my experience interacting with the maintainers, now refer to that package as, The Deep State

The Deep State only supports loading dependencies from pypi.org Which has many advantages right up until it doesn't.

This new standard contains dependency host url. Hope there is a package other than setuptools that supports it.

When bring it up, and prove it, the responses alternate between playing dumb and gaslighting. The truth is The Deep State are gate keepers. And they are in the way.

Training wheels off mode please! So there is support for requirements files that contain on which server dependencies are hosted with more than one choice. Would like the option to host packages locally or remotely using pypiserver or equivalent.

On the positive side, setuptool maintainers did not suggest voodoo dolls, try to wait out the planetary alignment, better economic conditions, or peace on Earth.

That's how the conversation comes off to my eyes. But form your own opinion. Especially enjoyable for folks who also enjoyed the TV series, The Office.

What are the alternatives to being stonewalled by setuptools?

Disclosure: Wrote requirements rendering package, wreck. I have my own voodoo dolls and plenty of pins

[-] WolfLink@sh.itjust.works 1 points 1 day ago

I really don’t understand what you are complaining about. There has been a “training wheels off I want to do things manually” option for ages.

https://stackoverflow.com/questions/16584552/how-to-state-in-requirements-txt-a-direct-github-source

[-] abruptly8951@lemmy.world 3 points 2 days ago

Poetry or UV

Still haven't tried the latter but heard good things

[-] eager_eagle@lemmy.world 1 points 2 days ago

Have you tried hatch?

I don't know why people are still bothering with setuptools for new projects.

[-] logging_strict@programming.dev 1 points 1 day ago

From the hatch docs, not seeing where it discusses publishing to alternative package warehouses.

[-] eager_eagle@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

AFAIK setuptools and hatch are for building. Publishing is a different process. You can try uv for publishing, but idk if it supports publishing to alternatives to PyPI.