I stumbled upon this while researching package management options for Python, and found it a really interesting read.

I like Python as a language but this mess is something that needs to be addressed for me to consider Python for future projects. I can’t imagine how confusing it must be for new users.

  • stilgar [he/him] @infosec.pub
    1 year ago

    It would be interesting to hear what you mean about the lock file being updated. Many Poetry commands should and do touch the lock, like poetry add or poetry update, but of course poetry install should leave it untouched.

    • Fenzik@lemmy.ml
      1 year ago

      But if I want to add a single new dependency, then I probably don’t want all the rest updated at the same time

      • coffeewithalex@lemmy.world
        1 year ago

        That can’t be achieved due to dependency compatibility. What if you installed y==1.4, and froze it for a while, and then you install x==3.2, and it depends on y==1.5 or later?

        pyproject.toml defines dependency restrictions, so it will be in accordance with that, but the lock file will change every time you add/remove dependencies. Naturally.

        • Fenzik@lemmy.ml
          1 year ago

          I don’t find that behaviour natural unless there is a hard conflict or I request it. So I guess it’s just a philosophical difference that led me to having a bad tint with it.

          • qwop@programming.dev
            1 year ago

            If you use poetry add it should only update what is necessary, and you can use poetry lock --no-update to lock without updating everything.