Log file Viewer
#pypa-dev logs for Tuesday the 22nd of October, 2019
[16:41:53] <amukherjee> Hi! Does anyone know of any tool to resolve _all_ possible dependencies for a package, irregardless of python version or extras requirements? Want to scoop up literally everything the package could resolve on. Been reading pip and poetry’s source code and the logic seems… obtuse… so figured I’d ask before trying to build it myself. Thanks!
[16:51:34] <tos9> amukherjee: there's some tool someone built that does that on top of pip-tools essentially
[16:52:02] <tos9> amukherjee: also, what do you want to do with it? it sounds like possibly something other than the usual reason? (i.e. to compile n requirements.txt files for the n different combinations of versions + extras combinations)?
[16:55:12] <amukherjee> tos9: It’s a bit of an unfortunate reason, but our security team hasn’t given us the go-ahead to allow us to blindly proxy our internal pypi repository to pypi.org. The really short story that comes out of this is that we’re building some tooling to copy all the dependencies from pypi.org to our internal pypi repository. We already have something in place but it uses `pip download` and it’s running python2+linux so we miss anyth
[16:56:47] <tos9> amukherjee: ok, I suppose that's probably pretty common too, but in theory that means you're not really after "all" python versions no?
[16:57:10] <tos9> amukherjee: if you have like 2 or 3 versions you run in prod, I'd just do what you're doing already but with all 3 versions
[16:57:56] <tos9> amukherjee: (also in not directly related news you possibly want to know about pip's --require-hashes mode)
[16:58:41] <amukherjee> tos9: Our team operates a bit more siloed, so devs are responsible for managing their services, including what python versions they are running. We could probably rerun pip-download with all the different versions we support but seems like overkill too :/.
[19:26:15] <cooperlees> amukherjee: Out of interest, What are you using for your internal mirror? DevPI?