Pipenv ignores conflicts between default and development dependencies

[taion]

Describe your environment

1. OS Type: OS X
2. Python version: Python 3.6.3
3. Pipenv version: pipenv, version 8.3.1

Expected result

Suppose I have a default dependency that depends on six==1.10.0 and a development dependency that depends on six==1.11.0.

I expect to get some sort of error here, because it's impossible to satisfy both transitive requirements simultaneously.

Actual result

$ pipenv graph
dep-bar==0.0.0
  - six [required: ==1.11.0, installed: 1.10.0]
dep-foo==0.0.0
  - six [required: ==1.10.0, installed: 1.10.0]

Pipfile.lock is great, too, featuring:

    "default": {
        "dep-foo": {
            "editable": true,
            "git": "git@github.com:taion/dep_foo.git"
        },
        "six": {
            "hashes": [
                "sha256:0ff78c403d9bccf5a425a6d31a12aa6b47f1c21ca4dc2573a7e2f32a97335eb1",
                "sha256:105f8d68616f8248e24bf0e9372ef04d3cc10104f1980f54d57b2ce73a5ad56a"
            ],
            "version": "==1.10.0"
        }
    },
    "develop": {
        "dep-bar": {
            "editable": true,
            "git": "git@github.com:taion/dep_bar.git"
        },
        "six": {
            "hashes": [
                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb",
                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"
            ],
            "version": "==1.11.0"
        }
    }

Steps to replicate

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"


[packages]

dep_foo = {git = "git@github.com:taion/dep_foo.git", editable = true}


[dev-packages]

dep_bar = {git = "git@github.com:taion/dep_bar.git", editable = true}

[taion]

This is actually sort of a structural weakness with the current Pipfile.lock format. The dependencies should be flattened, and the groups should instead be an extra item in each dependency value. This is how the lockfiles work for both npm and Yarn. It shouldn't be structurally possible to have conflicts between locked dependencies across groups.

As a workaround, probably resolve default dependencies first, then use the pip-tools caching repository, and fail if any development dependencies resolve to different versions.

[jsatt]

This is biting me this morning with Django 2.0 being released over the weekend.

[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[requires]
python_version = "2.7"

[dev-packages]
django-debug-toolbar = "==1.9.1"

[packages]
django = "==1.8.18"

Since debug toolbar has a requirement of "django>=1.8" it separately matches "django==2.0" which of course causes a problem on Python 2.7. If pipenv install --dev is going to always respect the merged result of packages and dev-packages dependencies, I think that locking should as well.

For others hitting this, my workaround for now is add django = "<2" to dev-packages.

Edit: Error I was getting is Command "python setup.py egg_info" failed with error code 1 in /tmp/tmplI41p5build/Django/. Hopefully that makes this issue more Google-able.

[taion]

Note pypa/pipfile#100, which is the root issue here. The lockfile format should structurally prevent this, and there is prior art here showing how to avoid this.

[kakulukia]

This sounds kind of related to my problem:
generating a requirements with lock -r for me results in an unusable requirements.txt which lists some packages two times linke django 2.0

Have a look at the pipfile:

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true


[dev-packages]

django-debug-toolbar = "*"
django-livereload-server = "*"
"flake8" = "*"
"fabric3" = "*"
ipdb = "*"


[packages]

pypugjs = {git = "https://github.com/kakulukia/pypugjs.git"}
sorl-thumbnail = "*"
django-axes = "*"
django-compressor = "*"
django-extensions = "*"
django-libsass = "*"
django-undeletable = "*"
django-sass-processor = "*"
django-secrets = "*"
django-app-namespace-template-loader = "*"
dj-static = "*"
raven = "*"
rosetta = "*"
python-dateutil = "*"
django-braces = "*"
django-simple-history = "*"
pillow = "*"
coreapi = "*"
markdown = "*"
django-filter = "*"
django-guardian = "*"
djangorestframework = "*"
django-rest-swagger = "*"
djangorestframework-jwt = "*"
django-cors-headers = "*"
uwsgidecorators = "*"
django-redis = "*"
django-livereload-server = "*"
django-crispy-forms = "*"
django-post-office = {git = "https://github.com/kakulukia/django-post_office.git"}
tablib = "*"
"django-select2" = "*"

And the broken result - notice that ie Django and BeautifulSoup are included twice:

beautifulsoup4==4.6.0 --hash=sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11  --hash=sha256:11a9a27b7d3bddc6d86f59fb76afb70e921a25ac2d6cc55b40d072bd68435a76  --hash=sha256:808b6ac932dccb0a4126558f7dfdcf41710dd44a4ef497a0bb59a77f9f078e89
certifi==2017.11.5 --hash=sha256:244be0d93b71e93fc0a0a479862051414d0e00e16435707e5bf5000f92e04694  --hash=sha256:5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0
chardet==3.0.4 --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691  --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae
coreapi==2.3.3 --hash=sha256:bf39d118d6d3e171f10df9ede5666f63ad80bba9a29a8ec17726a66cf52ee6f3  --hash=sha256:46145fcc1f7017c076a2ef684969b641d18a2991051fddec9458ad3f78ffc1cb
coreschema==0.0.4 --hash=sha256:5e6ef7bf38c1525d5e55a895934ab4273548629f16aed5c0a6caa74ebf45551f  --hash=sha256:9503506007d482ab0867ba14724b93c18a33b22b6d19fb419ef2d239dd4a1607
dj-static==0.0.6 --hash=sha256:032ec1c532617922e6e3e956d504a6fb1acce4fc1c7c94612d0fda21828ce8ef
django==2.0 --hash=sha256:af18618ce3291be5092893d8522fe3919661bf3a1fb60e3858ae74865a4f07c2  --hash=sha256:9614851d4a7ff8cbd32b73c6076441f377c45a5bbff7e771798fb02c43c31f47
django-app-namespace-template-loader==0.4.1 --hash=sha256:356539413b5d1de0eff91aea7a03806b5ef6874ee5420ea8c273f72bbc601d74  --hash=sha256:7a450985479a2e07fe8a1e4e8208fc9e1d8b35503526dd28eba5f8ad4ba31d4e
django-appconf==1.0.2 --hash=sha256:ddab987d14b26731352c01ee69c090a4ebfc9141ed223bef039d79587f22acd9  --hash=sha256:6a4d9aea683b4c224d97ab8ee11ad2d29a37072c0c6c509896dd9857466fb261
django-axes==3.0.3 --hash=sha256:70d60d38ea60b440a9ab9341d38729c284dc28c0fdd648803cc70dcbb69995de  --hash=sha256:5a5af294353e4db676cc6ece5d028d2043bdcf6f844eaefa74923c306ef69f26
django-braces==1.12.0 --hash=sha256:7e0cb698f3cd17cc58d50aea4a663233f44228144b81d85e1b9bad05aa7f3f80  --hash=sha256:7c5b91c75240ccf2eb124fe3b09dd4978e8f4d412b553bb791920bd55839159c
django-compressor==2.2 --hash=sha256:7732676cfb9d58498dfb522b036f75f3f253f72ea1345ac036434fdc418c2e57  --hash=sha256:9616570e5b08e92fa9eadc7a1b1b49639cce07ef392fc27c74230ab08075b30f
django-cors-headers==2.1.0 --hash=sha256:4e02be61ffaaab5917f1fd7cc3c305c4fb7ccd0156a649c96f49bc0a09c5f572  --hash=sha256:451bc37a514792c2b46c52362368f7985985933ecdbf1a85f82652579a5cbe01
django-crispy-forms==1.7.0 --hash=sha256:d37fe72eb550b41ba651c06293fb861d5a9e6e3ada23304718858cd6250d258d  --hash=sha256:b29a9a671194e3a482891f319f69da81e30ae81c075f6e37adb14a83ba2c409b
django-extensions==1.9.8 --hash=sha256:7776b6c5f3807997c1459e96f4eed4af2b571fd6bebf61462242fa957166df30  --hash=sha256:9f1c314cfd4b974f03c5589f46f33051aa1d6b5a38cfb7f8824f59e9337768ae
django-filter==1.1.0 --hash=sha256:ea204242ea83790e1512c9d0d8255002a652a6f4986e93cee664f28955ba0c22  --hash=sha256:ec0ef1ba23ef95b1620f5d481334413700fb33f45cd76d56a63f4b0b1d76976a
django-guardian==1.4.9 --hash=sha256:8836ac9263c9bd8c162efa5fbd0729f7f8ef83008c8da298e8e2aa81ea624c47  --hash=sha256:c3c0ab257c9d94ce154b9ee32994e3cff8b350c384040705514e14a9fb7c8191
django-libsass==0.7 --hash=sha256:49db3334b87e1f7955c4f9fb9945bc296f8bfd27a14d6d89706e4b0e5dc5de1c
django-livereload-server==0.2.3 --hash=sha256:9450af6e0ad1866a1b5b787f98f9354fa2e4ceb38e135405019f630798b294cf
django-redis==4.8.0 --hash=sha256:9660332cf9de5689a7ebbe0c623c4a0de79e0916a6ae867b5d0b94759bba46c9  --hash=sha256:5229da5b07ccb8d3e3e9ee098c0b7c03e20eba48634bc456697dd73d62c68b19
django-rest-swagger==2.1.2 --hash=sha256:3471e6c21a3e97751fa6f7b81b66e916e40fa645cac36be1594c0efed810d247  --hash=sha256:ff889e2b339a9a57010dba7729d56471e05b77827f6dd36c0bcb983839882598
django-sass-processor==0.5.6 --hash=sha256:df76af0cf3be6205ecbadf230c92d268cfb604b7ad64457d86c16edc1648b05d
django-secrets==0.2.5 --hash=sha256:333383dab758ed0c27dd77be1ad7923aaa17436aea7787e0a74058cdb6a5dfd0
django-select2==6.0.0 --hash=sha256:93f954c1a0e5b94c346fddc36c149613069129941ae9585bc1ab1b3bc52c01d8
django-simple-history==1.9.0 --hash=sha256:d34c9e8e3c73e39ff3500b59ae836767fcbc43bc9c71333c55d7de273d4dc721  --hash=sha256:2faca872d730068025fb19678048d6f3c2de52e0a141189df798a697e67c9886
django-undeletable==0.4.2 --hash=sha256:b1c6efda2574f7e2b19910abed5d16a6cde339551d55c588accfbe6dcdcc67a7
djangorestframework==3.7.3 --hash=sha256:79268055755125caaebface3acbe13150bbc3a83b78e9bf1a1abfde7ab0c5231  --hash=sha256:067960e5e9e5586d3b2d53a1d626c4800dc33cd8309487d404fc63355674556f
djangorestframework-jwt==1.11.0 --hash=sha256:ab15dfbbe535eede8e2e53adaf52ef0cf018ee27dbfad10cbc4cbec2ab63d38c  --hash=sha256:5efe33032f3a4518a300dc51a51c92145ad95fb6f4b272e5aa24701db67936a7
et-xmlfile==1.0.1 --hash=sha256:614d9722d572f6246302c4491846d2c393c199cfa4edc9af593437691683335b
idna==2.6 --hash=sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4  --hash=sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f
itypes==1.1.0 --hash=sha256:c6e77bb9fd68a4bfeb9d958fea421802282451a25bac4913ec94db82a899c073
jdcal==1.3 --hash=sha256:b760160f8dc8cc51d17875c6b663fafe64be699e10ce34b6a95184b5aa0fdc9e
jinja2==2.10 --hash=sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd  --hash=sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4
libsass==0.13.4 --hash=sha256:ac3f331f6aa01e7e39bbb90d81b2c5005d44348bb292e9f199b58b4b88a11d9b  --hash=sha256:c6d1d2417083528b2666ed777d822b710fe0a035d13449a35455c2772aadd056  --hash=sha256:1ead4bc795ecbc241814e49afb67aa470e4de4abb583b2b78259c57cd680c92c  --hash=sha256:f2f173fb84fd86bbf81b2d4fd524564465a167eb993c8ca8f40fe0d123ff5232  --hash=sha256:628425f94b0f6f1ffb9a34ad083c116fa13e78c88dad9c486b6283d81c25e3ef  --hash=sha256:8616e62f90fc799a5bbf6752cb857a9716d6c092f49842a0737795c534056f22  --hash=sha256:f2b79e0102d191dc0b51d4441e95bb6c511cf0250be2884cb5861b6ed510b289  --hash=sha256:4edd087648bed801c5df7b5d13440302e41316d83a7306f7cae16d1ac7b8acbc  --hash=sha256:54321343e4bf6e3f7067b3e78a3f5f6968ed13867e8abba77f57dcb6fc06b54a  --hash=sha256:814e6177940339471682f70723db831bda714e68af49cde66c85a41b58dc3e1c  --hash=sha256:9f7c0ee9e0b949e7fe21882d56704fd9bd808f7984c82370e4825b3a25358fa7  --hash=sha256:1906045ad9a2518bf6ba2af3cc67a1485f924e6120aca01d7017447e512a7d64  --hash=sha256:113af1377418e87457636f3c9aa36486bf5283c62ac9bc00e4694f8e53c3802c
markdown==2.6.10 --hash=sha256:cfa536d1ee8984007fcecc5a38a493ff05c174cb74cb2341dafd175e6bc30851
markupsafe==1.0 --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665
odfpy==1.3.5 --hash=sha256:6db9bb1c9ea2d55d60e508a1318fd285442a8342b785704ea08598a260875a83  --hash=sha256:6f8163f8464868cff9421a058f25566e41d73c8f7e849c021b86630941b44366
olefile==0.44 --hash=sha256:61f2ca0cd0aa77279eb943c07f607438edf374096b66332fae1ee64a6f0f73ad
openapi-codec==1.3.2 --hash=sha256:1bce63289edf53c601ea3683120641407ff6b708803b8954c8a876fe778d2145
openpyxl==2.4.9 --hash=sha256:95e007f4d121f4fd73f39a6d74a883c75e9fa9d96de91d43c1641c103c3a9b18
pillow==4.3.0 --hash=sha256:cc6a5ed5b8f9d2f25e4e42d562e0ec4df3ce838f9e9b9d9d9b65fac6fe93a4cc  --hash=sha256:54898190b538a6c8fa4228e866ff2e7609da1ba9fd1d9cc5dc8ca591d37ce0a8  --hash=sha256:a336596b06e062b92eb8201a3b5dff07ae01c3a5d08ce5539d2da49b123f2be6  --hash=sha256:922aeb050bd52d8ce9531ab57fd2440bfe975900e8700fec385fb741c3c557c7  --hash=sha256:6d814aa655d94c63547fc3208cb6ab886ff1a64c543b31f52658663b1bb3f011  --hash=sha256:e66080685863444738f08e13081c287e340b6e4f8bd674a2e0da967776ac6f46  --hash=sha256:575a9b3468c82f38be0419cd39d35001ae95a0cc5226534e45430035fecef583  --hash=sha256:4fb8ab0f8895fb946454ef6ffe806f49ee387095f2d6112ae24670e5fb8fbcd9  --hash=sha256:1d742642d01914b7e0cf6fd597a51f57d21fd68f794cf84803e03e72db78a261  --hash=sha256:59cef683d79b85d55a950c1e61dc7b6be0c45a5074692746354cd9a8ace1cd17  --hash=sha256:822e4fc261d12fa44d88dadee0e93d59663db94d962d4ffffbf09b1fe5e5be51  --hash=sha256:a6f43511c79bed431ec2b56e55150b5222c732cd9e5f80e77a44e068e94c71fc  --hash=sha256:2046a2001e2c413998951cc28aa0dbfd4cff846a12e24c2145d42630d5104094  --hash=sha256:39c7c9dcf64430091e30ef14d4191b4cae9b7b5ff29762357730aac4866fb189  --hash=sha256:f2d71951f473744ac617b645b62d0c4df5372ef4618c425646bfe5e2e8878e61  --hash=sha256:9adcfa2477b7e279ebeee75b49f535518201bbd7d26ca2ef1cf6751cb6e658e8  --hash=sha256:0e3b56364a2c772c961a8faad8a835d3f24d8848310de035c9e07cc006035cbc  --hash=sha256:92087cb92a968421f42235f7d8153f4766b6ba213a6efb36b8060f3c9d294569  --hash=sha256:53eaec751151b5713a15b1cd62b06d0fc16d72f56623c15448728c554c30770b  --hash=sha256:e595312f67962d6b4fde3b7dffaaaca4becefa522d677676bb57b0ec5f8f921a  --hash=sha256:dc32362d0cadf18c3aef7040455760106cafe7dd3c211dc27c507e746376bb56  --hash=sha256:759e5e3e99c4ac87b99e9288a75236c63173d1bb24c8d3f9d9d2c8332fceeb0a  --hash=sha256:b13106cb83a3b7d1a02fafb94bfafbc980465ba948b76ea1996245959c6783d2  --hash=sha256:9184b9788a9cf677e53626a4dc141136a22d349a5480479b98defd3cfb5015a4  --hash=sha256:be803fae6af36639524a0f6861a8cface67bbec66c3416c3eaf592f1d45b8b20  --hash=sha256:effa82e72f5064439a3d2c7ff615b999eb1c4d65bb1f1e6ee6e2ddb345b3e81e  --hash=sha256:9dc002a914cefa710dcb9fb204d34f6cd822662047a6038178f5fc9bfa7be961  --hash=sha256:7b3cf7a80608ed661b77793f64e1f2bd1e77136ad0b750aa2c81fac9c7e2c785  --hash=sha256:a9bad3405a642649e68568fe9832e8f6ae585354ab0b4ae250816ead11a553a2  --hash=sha256:4d3dbd93b131013a71b2e98530dd4945a03c7994d42381e44a921dd8bec300bc  --hash=sha256:9a1514bee2e32e0d4c0f55ba7a20f4387f883e37c7d2db64ca50449ffebe86cc  --hash=sha256:a9721fe1f6fdfe0c108ea81b1a05dc216f1ec5bb65ef1de1d85fd00494d019e0  --hash=sha256:e75d745306ec8aac0e6903358fdfc7fb6854febe551ed753ee7a1cad058b61bb  --hash=sha256:ccc9c1f5ba413fc5ee09bc78de7dd2ad8e189edb48f3bc38acedd04a7f43a0c1  --hash=sha256:150e24462fd106074a9a63417a55fbb0c633716cef9511f1bd7a773972de14f4  --hash=sha256:250d8470661fd657c2583672ab5139f40e7f2ef28ecdc90f87563af0b27f6fba  --hash=sha256:a97c715d44efd5b4aa8d739b8fad88b93ed79f1b33fc2822d5802043f3b1b527  --hash=sha256:dbefe5aa0882f00f12eceb3fb7df57105cd87fae767ca025db4685b7577c2390  --hash=sha256:62a7bbf0a1120ff07a99ddedd383779a8d80bd9d363f3964b2b43a26cef6ea50  --hash=sha256:42b4a67949085ddd4559c3c716a00a275fb45cb2c3a3aeec95c4b94419b7c243  --hash=sha256:0ac037e6c1746d63a1ea354f0d5974d8f3f984fc0333be373ad193711a89b1e9  --hash=sha256:8989cbf10ea07fc9982ec86116f6234bb3e44da481874ac94650d6176f60106f  --hash=sha256:77834551d3e928f3da922ce9dfb5c8db46758ea2f2922d4c5835a5b67a222aff  --hash=sha256:c00301e807084706bd46a1c56694ee235debe68eaf482c0186edfe07b93a9f6a  --hash=sha256:0163bd681d3488e2e9c26f4fbbfefcfb7f32259c431bfd2c3bc25574708a8b8c  --hash=sha256:223b06c337d8d60fb65af3b540ab1fa4644931d61d1fddf6e32f7a0e496685f2  --hash=sha256:1ab641cb7daf88e88ede8d3b89b7bd68a7099d8671160492d5e6845e24426080
pyjwt==1.5.3 --hash=sha256:a4e5f1441e3ca7b382fd0c0b416777ced1f97c64ef0c33bfa39daf38505cfd2f  --hash=sha256:500be75b17a63f70072416843dc80c8821109030be824f4d14758f114978bae7
python-dateutil==2.6.1 --hash=sha256:95511bae634d69bc7329ba55e646499a842bc4ec342ad54a8cdb65645a0aad3c  --hash=sha256:891c38b2a02f5bb1be3e4793866c8df49c7d19baabf9c1bad62547e0b4866aca
pytz==2017.3 --hash=sha256:80af0f3008046b9975242012a985f04c5df1f01eed4ec1633d56cc47a75a6a48  --hash=sha256:feb2365914948b8620347784b6b6da356f31c9d03560259070b2f30cff3d469d  --hash=sha256:59707844a9825589878236ff2f4e0dc9958511b7ffaae94dc615da07d4a68d33  --hash=sha256:d0ef5ef55ed3d37854320d4926b04a4cb42a2e88f71da9ddfdacfde8e364f027  --hash=sha256:c41c62827ce9cafacd6f2f7018e4f83a6f1986e87bfd000b8cfbd4ab5da95f1a  --hash=sha256:8cc90340159b5d7ced6f2ba77694d946fc975b09f1a51d93f3ce3bb399396f94  --hash=sha256:dd2e4ca6ce3785c8dd342d1853dd9052b19290d5bf66060846e5dc6b8d6667f7  --hash=sha256:699d18a2a56f19ee5698ab1123bbcc1d269d061996aeb1eda6d89248d3542b82  --hash=sha256:fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7
pyyaml==3.12 --hash=sha256:3262c96a1ca437e7e4763e2843746588a965426550f3797a79fca9c6199c431f  --hash=sha256:16b20e970597e051997d90dc2cddc713a2876c47e3d92d59ee198700c5427736  --hash=sha256:e863072cdf4c72eebf179342c94e6989c67185842d9997960b3e69290b2fa269  --hash=sha256:bc6bced57f826ca7cb5125a10b23fd0f2fff3b7c4701d64c439a300ce665fff8  --hash=sha256:c01b880ec30b5a6e6aa67b09a2fe3fb30473008c85cd6a67359a1b15ed6d83a4  --hash=sha256:827dc04b8fa7d07c44de11fabbc888e627fa8293b695e0f99cb544fdfa1bf0d1  --hash=sha256:592766c6303207a20efc445587778322d7f73b161bd994f227adaa341ba212ab  --hash=sha256:5f84523c076ad14ff5e6c037fe1c89a7f73a3e04cf0377cb4d017014976433f3  --hash=sha256:0c507b7f74b3d2dd4d1322ec8a94794927305ab4cebbe89cc47fe5e81541e6e8  --hash=sha256:b4c423ab23291d3945ac61346feeb9a0dc4184999ede5e7c43e1ffb975130ae6  --hash=sha256:ca233c64c6e40eaa6c66ef97058cdc80e8d0157a443655baa1b2966e812807ca  --hash=sha256:4474f8ea030b5127225b8894d626bb66c01cda098d47a2b0d3429b6700af9fd8  --hash=sha256:326420cbb492172dec84b0f65c80942de6cedb5233c413dd824483989c000608  --hash=sha256:5ac82e411044fb129bae5cfbeb3ba626acb2af31a8d17d175004b70862a741a7
raven==6.3.0 --hash=sha256:cb644fb12ee886a341041dcd533540dfc82619a50bf0b7c587af070054bd2c7f  --hash=sha256:f3e465a545dcdb6a387d1fcb199d08f786ba3732d7ce6aa681718b04da6aedf1
rcssmin==1.0.6 --hash=sha256:ca87b695d3d7864157773a61263e5abb96006e9ff0e021eff90cbe0e1ba18270
redis==2.10.6 --hash=sha256:8a1900a9f2a0a44ecf6e8b5eb3e967a9909dfed219ad66df094f27f7d6f330fb  --hash=sha256:a22ca993cea2962dbb588f9f30d0015ac4afcc45bee27d3978c0dbe9e97c6c0f
requests==2.18.4 --hash=sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b  --hash=sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e
rjsmin==1.0.12 --hash=sha256:dd9591aa73500b08b7db24367f8d32c6470021f39d5ab4e50c7c02e4401386f1
rosetta==0.3 --hash=sha256:e96feb0f2d8b9d0ac699ae14802f37970031404351c0c9ea7aa2f636a78a6689  --hash=sha256:bc89b4153ceaa15913410f7eb0cb833ab7379f1f6f4032e1ff8c2635c55e4719
simplejson==3.13.2 --hash=sha256:194fa08e4047f16e7087f2a406abd15151a482a097e42d8babb1b8181b2232b1  --hash=sha256:43dc3082f3a8fd5bb0c80df5a8ab96d81eafeca701615aaa0b01910b1869e678  --hash=sha256:44a7e0e117032666d37bcfa42161c7eb27c6ed9100d260e5b25751a6d8d7a2e8  --hash=sha256:ef822f66d932a7ced43844a4684d7bd24c4cc7ebe8030ee7277cf7c033e58a13  --hash=sha256:b4967af248c1fde0b184d81b2aa9646d96a400342d26f837e772a1dcb11cdc10  --hash=sha256:cf669980df3a6db918e69920df3eaf52901aa4c007287070a8b6e0da811cd2a2  --hash=sha256:5539547ba11f4affcdc4890cc85bfdd3f2d7186042d91e9340add98699cc3d50  --hash=sha256:b2e64d1695bcd0d916e8633ab12179bde8d96e8cbd18d9d0c3020409cfaf8091  --hash=sha256:c1347a0d6e90d4a0fd67514c8691346c5cd1ee6039415eba97690f4b5d594915  --hash=sha256:6cf42bc495f7e3fd25e92912a22f47e439f3a809814103a1b727d373f758915a  --hash=sha256:6560b68e98aba17afa4e898aab21d06d549738267dbe4d0981a24b4c1db66368  --hash=sha256:4c4ecf20e054716cc1e5a81cadc44d3f4027108d8dd0861d8b1e3bd7a32d4f0a  --hash=sha256:335d2a6afdd3a31f4ef210b46e6824848491c969f4b3a655d1864f655d57c5d3  --hash=sha256:1c9c13077560b8c0404c38d8e385d9e171aa8aec2a9b3139ded315a4c5ffc4d8  --hash=sha256:26f70a009c70866a07c43e25d6d9a1fb027ecef110a6c93cc8aec04ddf2ad05f  --hash=sha256:c64c9972a847b5de9a47f5e3a06b280ee3301ac83089cc9d7ea922f7cea5954c  --hash=sha256:ec7b08ffefae94b2c0a85df4ec17e3ada8f9f2bfae18e8b6812ece366917d0c5  --hash=sha256:ec0d482b9d28c123a2c6ccfa5341d47734b1dee2d61a655a99f26ef9c0080ce7  --hash=sha256:06b69946903ffd593d45624bdc354c1b857c2b1690ed2112df88d0e4e0294b06  --hash=sha256:c62045146474c41c5b9e4c758873b3b2872b3e0fefd2b87de3f08292c370fce6  --hash=sha256:e95f107de632ae6effa6915f194f2c282db592b9aa449070a5f9c065c478ec47
six==1.11.0 --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb  --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9
sorl-thumbnail==12.4.1 --hash=sha256:c5ef989da07d31925754922ce95783fd2b1f8735124c0510884633eb32a4cd3e  --hash=sha256:1cc6d913fe4f1224e479f25a23ec2ad3ca71c3154919a2c9463b07e7fbe11ac2
static3==0.7.0 --hash=sha256:674641c64bc75507af2eb20bef7e7e3593dca993dec6674be108fa15b42f47c8
tablib==0.12.1 --hash=sha256:b8cf50a61d66655229993f2ee29220553fb2c80403479f8e6de77c0c24649d87
tornado==4.5.2 --hash=sha256:62a5d4c66bf4e86d25a02e9de97293860b59e61f9c465e80336ba0fc308aacf6  --hash=sha256:f109c066411c44bcd3bc877267b45feb8e29092ede59dd0582739444c2344b00  --hash=sha256:e66f47db4753c6f6849af1f82f04bdc7d2c1f5d64b7cc11ddd17230295c8887f  --hash=sha256:2b40720a7b164848ca5c51fab0feac7e3717adcb87bec77f81f7809b72bf7f56  --hash=sha256:1fb8e494cd46c674d86fac5885a3ff87b0e283937a47d74eb3c02a48c9e89ad0
typing==3.6.2 --hash=sha256:349b1f9c109c84b53ac79ac1d822eaa68fc91d63b321bd9392df15098f746f53  --hash=sha256:63a8255fe7c6269916baa440eb9b6a67139b0b97a01af632e7bd2842e1e02f15  --hash=sha256:d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849
unicodecsv==0.14.1 --hash=sha256:018c08037d48649a0412063ff4eda26eaa81eff1546dbffa51fa5293276ff7fc
uritemplate==3.0.0 --hash=sha256:01c69f4fe8ed503b2951bef85d996a9d22434d2431584b5b107b2981ff416fbd  --hash=sha256:1b9c467a940ce9fb9f50df819e8ddd14696f89b9a8cc87ac77952ba416e0a8fd  --hash=sha256:c02643cebe23fc8adb5e6becffe201185bf06c40bda5c0b4028a93f1527d011d
urllib3==1.22 --hash=sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b  --hash=sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f
uwsgidecorators==1.1.0 --hash=sha256:92693eeed4836fa3afde2954629bd9f846ea358b965fba6a00ce365cce68f976
xlrd==1.1.0 --hash=sha256:83a1d2f1091078fb3f65876753b5302c5cfb6a41de64b9587b74cefa75157148  --hash=sha256:8a21885513e6d915fe33a8ee5fdfa675433b61405ba13e2a69e62ee36828d7e2
xlwt==1.3.0 --hash=sha256:a082260524678ba48a297d922cc385f58278b8aa68741596a87de01a9c628b2e  --hash=sha256:c59912717a9b28f1a3c2a98fd60741014b06b043936dcecbc113eaaada156c88
appnope==0.1.0; sys_platform == 'darwin' --hash=sha256:5b26757dc6f79a3b7dc9fab95359328d5747fcb2409d331ea66d0272b90ab2a0  --hash=sha256:8b995ffe925347a2138d7ac0fe77155e4311a0ea6d6da4f5128fe4b3cbe5ed71
asn1crypto==0.23.0 --hash=sha256:654b7db3b120e23474e9a1e5e38d268c77e58a9e17d2cb595456c37309846494  --hash=sha256:0874981329cfebb366d6584c3d16e913f2a0eb026c9463efcc4aaf42a9d94d70
bcrypt==3.1.4 --hash=sha256:f9210820ee4818d84658ed7df16a7f30c9fba7d8b139959950acef91745cc0f7  --hash=sha256:b1e8491c6740f21b37cca77bc64677696a3fb9f32360794d57fa8477b7329eda  --hash=sha256:9eced8962ce3b7124fe20fd358cf8c7470706437fa064b9874f849ad4c5866fc  --hash=sha256:346d6f84ff0b493dbc90c6b77136df83e81f903f0b95525ee80e5e6d5e4eef84  --hash=sha256:0f317e4ffbdd15c3c0f8ab5fbd86aa9aabc7bea18b5cc5951b456fe39e9f738c  --hash=sha256:f7fd3ed3745fe6e81e28dc3b3d76cce31525a91f32a387e1febd6b982caf8cdb  --hash=sha256:3b4c23300c4eded8895442c003ae9b14328ae69309ac5867e7530de8bdd7875d  --hash=sha256:34dd60b90b0f6de94a89e71fcd19913a30e83091c8468d0923a93a0cccbfbbff  --hash=sha256:2788c32673a2ad0062bea850ab73cffc0dba874db10d7a3682b6f2f280553f20  --hash=sha256:6efd9ca20aefbaf2e7e6817a2c6ed4a50ff6900fafdea1bcb1d0e9471743b144  --hash=sha256:f2fe545d27a619a552396533cddf70d83cecd880a611cdfdbb87ca6aec52f66b  --hash=sha256:e22f0997622e1ceec834fd25947dc2ee2962c2133ea693d61805bc867abaf7ea  --hash=sha256:c906bdb482162e9ef48eea9f8c0d967acceb5c84f2d25574c7d2a58d04861df1  --hash=sha256:43d1960e7db14042319c46925892d5fa99b08ff21d57482e6f5328a1aca03588  --hash=sha256:321d4d48be25b8d77594d8324c0585c80ae91ac214f62db9098734e5e7fb280f  --hash=sha256:ae35dbcb6b011af6c840893b32399252d81ff57d52c13e12422e16b5fea1d0fb  --hash=sha256:09a3b8c258b815eadb611bad04ca15ec77d86aa9ce56070e1af0d5932f17642a  --hash=sha256:988cac675e25133d01a78f2286189c1f01974470817a33eaf4cfee573cfb72a5  --hash=sha256:cb18ffdc861dbb244f14be32c47ab69604d0aca415bee53485fcea4f8e93d5ef  --hash=sha256:8629ea6a8a59f865add1d6a87464c3c676e60101b8d16ef404d0a031424a8491  --hash=sha256:a005ed6163490988711ff732386b08effcbf8df62ae93dd1e5bda0714fad8afb  --hash=sha256:d86da365dda59010ba0d1ac45aa78390f56bf7f992e65f70b3b081d5e5257b09  --hash=sha256:8569844a5d8e1fdde4d7712a05ab2e6061343ac34af6e7e3d7935b2bd1907bfd  --hash=sha256:0872eeecdf9a429c1420158500eedb323a132bc5bf3339475151c52414729e70  --hash=sha256:01477981abf74e306e8ee31629a940a5e9138de000c6b0898f7f850461c4a0a5  --hash=sha256:49e96267cd9be55a349fd74f9852eb9ae2c427cd7f6455d0f1765d7332292832  --hash=sha256:9a6fedda73aba1568962f7543a1f586051c54febbc74e87769bad6a4b8587c39  --hash=sha256:054d6e0acaea429e6da3613fcd12d05ee29a531794d96f6ab959f29a39f33391  --hash=sha256:67ed1a374c9155ec0840214ce804616de49c3df9c5bc66740687c1c9b1cd9e8d
beautifulsoup4==4.6.0 --hash=sha256:7015e76bf32f1f574636c4288399a6de66ce08fb7b2457f628a8d70c0fbabb11  --hash=sha256:11a9a27b7d3bddc6d86f59fb76afb70e921a25ac2d6cc55b40d072bd68435a76  --hash=sha256:808b6ac932dccb0a4126558f7dfdcf41710dd44a4ef497a0bb59a77f9f078e89
cffi==1.11.2 --hash=sha256:2c707e97ad7b0417713543be7cb87315c015bb5dd97903480168d60ebe3e313e  --hash=sha256:6d8c7e20eb90be9e1ccce8e8dd4ee5163b37289fc5708f9eeafc00adc07ba891  --hash=sha256:627298d788edcb317b6a01347428501e773f5e8f2988407231c07e50e3f6c1cf  --hash=sha256:bdd28cf8302eeca1b4c70ec727de384d4f6ea640b0e698934fd9b4c3bc88eeb1  --hash=sha256:248198cb714fe09f5c60b6acba3675d52199c6142641536796cdf89dd45e5590  --hash=sha256:c962cb68987cbfb70b034f153bfa467c615c0b55305d39b3237c4bdbdbc8b0f4  --hash=sha256:401ba2f6c1f1672b6c38670e1c00fa5f84f841edd30c32742dab5c7151cd89bf  --hash=sha256:1c103c0ee8235c47c4892288b2287014f33e7cb24b9d4a665be3aa744377dcb9  --hash=sha256:d7461ef8671ae40f991384bbc4a6b1b79f4e7175d8052584be44041996f46517  --hash=sha256:3ac9be5763238da1d6fa467c43e3f86472626837a478588c94165df09e62e120  --hash=sha256:d54a7c37f954fdbb971873c935a77ddc33690cec9b7ac254d9f948c43c32fa83  --hash=sha256:4d9bf1b23896bcd4d042e823f50ad36fb6d8e1e645a3dfb2fe2f070851489b92  --hash=sha256:61cf049b1c649d8eec360a1a1d09a61c37b9b2d542364506e8feb4afd232363d  --hash=sha256:ce3da410ae2ab8709565cc3b18fbe9a0eb96ea7b2189416098c48d839ecced84  --hash=sha256:e72d8b5056f967ecb57e166537408bc913f2f97dc568027fb6342fcfa9f81d64  --hash=sha256:11a8ba88ef6ae89110ef029dae7f1a293365e50bdd0c6ca973beed80cec95ae4  --hash=sha256:974f69112721ba2e8a6acd0f6b68a5e11432710a3eca4e4e6f4d7aaf99214ed1  --hash=sha256:062c66dabc3faf8e0db1ca09a6b8e308846e5d35f43bed1a68c492b0d96ac171  --hash=sha256:03a9b9efc280dbe6be149a7fa689f59a822df009eee633fdaf55a6f38795861f  --hash=sha256:8b3d6dc9981cedfb1ddcd4600ec0c7f5ac2c6ad2dc482011c7eecb4ae9c819e0  --hash=sha256:09b7d195d163b515ef7c2b2e26a689c9816c83d5319cceac6c36ffdab97ab048  --hash=sha256:943b94667749d1cfcd964e215a20b9c891deae913202ee8eacaf2b94164b155f  --hash=sha256:89829f5cfbcb5ad568a3d61bd23a8e33ad69b488d8f6a385e0097a4c20742a9b  --hash=sha256:ba78da7c940b041cdbb5aaff5afe11e8a8f25fe19564c12eefea5c5bd86930ca  --hash=sha256:a79b15b9bb4726672865cf5b0f63dee4835974a2b11b49652d70d49003f5d1f4  --hash=sha256:f6799913eb510b682de971ddef062bbb4a200f190e55cae81c413bc1fd4733c1  --hash=sha256:e7f5ad6b12f21b77d3a37d5c67260e464f4e9068eb0c0622f61d0e30390b31b6  --hash=sha256:5f96c92d5f5713ccb71e76dfa14cf819c59ecb9778e94bcb541e13e6d96d1ce5  --hash=sha256:5357b465e3d6b98972b7810f9969c913d365e75b09b7ba813f5f0577fe1ac9f4  --hash=sha256:75e1de9ba7c155d89bcf67d149b1c741df553c8158536e8d27e63167403159af  --hash=sha256:ab87dd91c0c4073758d07334c1e5f712ce8fe48f007b86f8238773963ee700a6
cryptography==2.1.4 --hash=sha256:69285f5615507b6625f89ea1048addd1d9218585fb886eb90bdebb1d2b2d26f5  --hash=sha256:6cb1224da391fa90f1be524eafb375b62baf8d3df9690b32e8cc475ccfccee5e  --hash=sha256:4f385ee7d39ee1ed74f1d6b1da03d0734ea82855a7b28a9e6e88c4091bc58664  --hash=sha256:a5f2c681fd040ed648513939a1dd2242af19bd5e9e79e53b6dcfa33bdae61217  --hash=sha256:fc2208d95d9ecc8032f5e38330d5ace2e3b0b998e42b08c30c35b2ab3a4a3bc8  --hash=sha256:0d39a93cf25edeae1f796bbc5960e587f34513a852564f6345ea4491a86c5997  --hash=sha256:41f94194ae78f83fd94ca94fb8ad65f92210a76a2421169ffa5c33c3ec7605f4  --hash=sha256:7a2409f1564c84bcf2563d379c9b6148c5bc6b0ae46e109f6a7b4bebadf551df  --hash=sha256:55555d784cfdf9033e81f044c0df04babed2aa141213765d960d233b0139e353  --hash=sha256:9a47a80f65f4feaaf8415a40c339806c7d7d867152ddccc6ca87f707c8b7b565  --hash=sha256:6fb22f63e17813f3d1d8e30dd1e249e2c34233ba1d3de977fd31cb5db764c7d0  --hash=sha256:ee245f185fae723133511e2450be08a66c2eebb53ad27c0c19b228029f4748a5  --hash=sha256:9a2945efcff84830c8e237ab037d0269380d75d400a89cc9e5628e52647e21be  --hash=sha256:2cfcee8829c5dec55597826d52c26bc26e7ce39adb4771584459d0636b0b7108  --hash=sha256:33b564196dcd563e309a0b07444e31611368afe3a3822160c046f5e4c3b5cdd7  --hash=sha256:18d0b0fc21f39b35ea469a82584f55eeecec1f65a92d85af712c425bdef627b3  --hash=sha256:d18df9cf3f3212df28d445ea82ce702c4d7a35817ef7a38ee38879ffa8f7e857  --hash=sha256:b984523d28737e373c7c35c8b6db6001537609d47534892de189bebebaa42a47  --hash=sha256:27a208b9600166976182351174948e128818e7fc95cbdba18143f3106a211546  --hash=sha256:28e4e9a97713aa47b5ef9c5003def2eb58aec89781ef3ef82b1c2916a8b0639b  --hash=sha256:a3c180d12ffb1d8ee5b33a514a5bcb2a9cc06cc89aa74038015591170c82f55d  --hash=sha256:8487524a1212223ca6dc7e2c8913024618f7ff29855c98869088e3818d5f6733  --hash=sha256:e4d967371c5b6b2e67855066471d844c5d52d210c36c28d49a8507b96e2c5291
decorator==4.1.2 --hash=sha256:95a26b17806e284452bfd97fa20aa1e8cb4ee23542bda4dbac5e4562aa1642cd  --hash=sha256:7cb64d38cb8002971710c8899fbdfb859a23a364b7c99dab19d1f719c2ba16b5
django==2.0 --hash=sha256:af18618ce3291be5092893d8522fe3919661bf3a1fb60e3858ae74865a4f07c2  --hash=sha256:9614851d4a7ff8cbd32b73c6076441f377c45a5bbff7e771798fb02c43c31f47
django-debug-toolbar==1.9.1 --hash=sha256:4af2a4e1e932dadbda197b18585962d4fc20172b4e5a479490bc659fe998864d  --hash=sha256:d9ea75659f76d8f1e3eb8f390b47fc5bad0908d949c34a8a3c4c87978eb40a0f
django-livereload-server==0.2.3 --hash=sha256:9450af6e0ad1866a1b5b787f98f9354fa2e4ceb38e135405019f630798b294cf
fabric3==1.13.1.post1 --hash=sha256:7c61df6bd6ed2817c1be1246a01bca4db6b19cd3e831dd046b9463ce8ba3ae87  --hash=sha256:8097dbd078c11273fdaf52d54ce8e11754fa8160be7c407ae866b5e78d76b47c
flake8==3.5.0 --hash=sha256:c7841163e2b576d435799169b78703ad6ac1bbb0f199994fc05f700b2a90ea37  --hash=sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0
idna==2.6 --hash=sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4  --hash=sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f
ipdb==0.10.3 --hash=sha256:9ea256b4280fbe12840fb9dfc3ce498c6c6de03352eca293e4400b0dfbed2b28
ipython==6.2.1 --hash=sha256:fcc6d46f08c3c4de7b15ae1c426e15be1b7932bcda9d83ce1a4304e8c1129df3  --hash=sha256:51c158a6c8b899898d1c91c6b51a34110196815cc905f9be0fa5878e19355608
ipython-genutils==0.2.0 --hash=sha256:72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8  --hash=sha256:eb2e116e75ecef9d4d228fdc66af54269afa26ab4463042e33785b887c628ba8
jedi==0.11.0 --hash=sha256:3af518490ffcd00a3074c135b42511e081575e9abd115c216a34491411ceebb0  --hash=sha256:f6d5973573e76b1fd2ea75f6dcd6445d02d41ff3af5fc61b275b4e323d1dd396
mccabe==0.6.1 --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42  --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f
paramiko==2.4.0 --hash=sha256:8851e728e8b7590989e68e3936c48ee3ca4dad91d29e3d7ff0305b6c5fc582db  --hash=sha256:486f637f0a33a4792e0e567be37426c287efaa8c4c4a45e3216f9ce7fd70b1fc
parso==0.1.0 --hash=sha256:b573acb69f66a970197b5fdbbdfad3b8a417a520e383133b2b4e708f104bfc9a  --hash=sha256:c5279916bb417aa2bf634648ff895cf35dce371d7319744884827bfad06f8d7b
pexpect==4.3.0; sys_platform != 'win32' --hash=sha256:2b50dd8caa5007b10b0afcf075095814780b104b4a5cf9d8fbdc8bbc754e5ca4  --hash=sha256:00ab0872f80f5db740499e7a1283a7c3b97bea542d72df84d83dea17d0afd2d9
pickleshare==0.7.4 --hash=sha256:c9a2541f25aeabc070f12f452e1f2a8eae2abd51e1cd19e8430402bdf4c1d8b5  --hash=sha256:84a9257227dfdd6fe1b4be1319096c20eb85ff1e82c7932f36efccfe1b09737b
prompt-toolkit==1.0.15 --hash=sha256:3f473ae040ddaa52b52f97f6b4a493cfa9f5920c255a12dc56a7d34397a398a4  --hash=sha256:1df952620eccb399c53ebb359cc7d9a8d3a9538cb34c5a1344bdbeb29fbcc381  --hash=sha256:858588f1983ca497f1cf4ffde01d978a3ea02b01c8a26a8bbc5cd2e66d816917
ptyprocess==0.5.2 --hash=sha256:e8c43b5eee76b2083a9badde89fd1bbce6c8942d1045146e100b7b5e014f4f1a  --hash=sha256:e64193f0047ad603b71f202332ab5527c5e52aa7c8b609704fc28c0dc20c4365
pyasn1==0.4.2 --hash=sha256:f81c96761fca60d64b1c9b79ec2e40cf9495a745cf570613079ef324aeb9672b  --hash=sha256:7d626683e3d792cccc608da02498aff37ab4f3dafd8905d6bf755d11f9b26b43  --hash=sha256:e85895087905c65b5b594eb91f7522664c85545b147d5f4d4e7b1b07da8dcbdc  --hash=sha256:5a0db897b311d265cde49615cf783f1c78613138605cdd0f907ecfa5b2aba3ee  --hash=sha256:d5cd6ed995dba16fad0c521cfe31cd2d68400b53fcc2bce93326829be73ab6d1  --hash=sha256:a7efe807c4b83a859e2735c692b92ed7b567cfddc4163763412920041d876c2b  --hash=sha256:b5a9ca48055b9a20f6d1b3d68e38692e5431c86a0f99ea602e61294e891fee5b  --hash=sha256:c07d6e587b2f928366b1f67c09bda026a3e6fcc99e80a744dc67f8fca3895626  --hash=sha256:d84c2aea3cf43780e9e6a19f4e4dddee9f6976519020e64e47c57e5c7a8c3dd2  --hash=sha256:758cb50abddc03e4563fd9e7f03db56e3e87b58c0bd01247360326e5c0c7ffa5  --hash=sha256:0d7f6e959fe53f3960a23d73f35e1fce61348b30915b6664309ca756de7c1f89  --hash=sha256:d258b0a71994f7770599835249cece1caef3c70def868c4915e6e5ca49b67d15
pycodestyle==2.3.1 --hash=sha256:6c4245ade1edfad79c3446fadfc96b0de2759662dc29d07d80a6f27ad1ca6ba9  --hash=sha256:682256a5b318149ca0d2a9185d365d8864a768a28db66a84a2ea946bcc426766
pycparser==2.18 --hash=sha256:99a8ca03e29851d96616ad0404b4aad7d9ee16f25c9f9708a11faf2810f7b226
pyflakes==1.6.0 --hash=sha256:08bd6a50edf8cffa9fa09a463063c425ecaaf10d1eb0335a7e8b1401aef89e6f  --hash=sha256:8d616a382f243dbf19b54743f280b80198be0bca3a5396f1d2e1fca6223e8805
pygments==2.2.0 --hash=sha256:78f3f434bcc5d6ee09020f92ba487f95ba50f1e3ef83ae96b9d5ffa1bab25c5d  --hash=sha256:dbae1046def0efb574852fab9e90209b23f556367b5a320c0bcb871c77c3e8cc
pynacl==1.2.1 --hash=sha256:0bfa0d94d2be6874e40f896e0a67e290749151e7de767c5aefbad1121cad7512  --hash=sha256:1d33e775fab3f383167afb20b9927aaf4961b953d76eeb271a5703a6d756b65b  --hash=sha256:eb2acabbd487a46b38540a819ef67e477a674481f84a82a7ba2234b9ba46f752  --hash=sha256:14339dc233e7a9dda80a3800e64e7ff89d0878ba23360eea24f1af1b13772cac  --hash=sha256:cf6877124ae6a0698404e169b3ba534542cfbc43f939d46b927d956daf0a373a  --hash=sha256:eeee629828d0eb4f6d98ac41e9a3a6461d114d1d0aa111a8931c049359298da0  --hash=sha256:d0eb5b2795b7ee2cbcfcadacbe95a13afbda048a262bd369da9904fecb568975  --hash=sha256:11aa4e141b2456ce5cecc19c130e970793fa3a2c2e6fbb8ad65b28f35aa9e6b6  --hash=sha256:8ac1167195b32a8755de06efd5b2d2fe76fc864517dab66aaf65662cc59e1988  --hash=sha256:d795f506bcc9463efb5ebb0f65ed77921dcc9e0a50499dedd89f208445de9ecb  --hash=sha256:be71cd5fce04061e1f3d39597f93619c80cdd3558a6c9ba99a546f144a8d8101  --hash=sha256:2a42b2399d0428619e58dac7734838102d35f6dcdee149e0088823629bf99fbb  --hash=sha256:73a5a96fb5fbf2215beee2353a128d382dbca83f5341f0d3c750877a236569ef  --hash=sha256:d8aaf7e5d6b0e0ef7d6dbf7abeb75085713d0100b4eb1a4e4e857de76d77ac45  --hash=sha256:2dce05ac8b3c37b9e2f65eab56c544885607394753e9613fd159d5e2045c2d98  --hash=sha256:f5ce9e26d25eb0b2d96f3ef0ad70e1d3ae89b5d60255c462252a3e456a48c053  --hash=sha256:6453b0dae593163ffc6db6f9c9c1597d35c650598e2c39c0590d1757207a1ac2  --hash=sha256:fabf73d5d0286f9e078774f3435601d2735c94ce9e514ac4fb945701edead7e4  --hash=sha256:13bdc1fe084ff9ac7653ae5a924cae03bf4bb07c6667c9eb5b6eb3c570220776  --hash=sha256:8f505f42f659012794414fa57c498404e64db78f1d98dfd40e318c569f3c783b  --hash=sha256:04e30e5bdeeb2d5b34107f28cd2f5bbfdc6c616f3be88fc6f53582ff1669eeca  --hash=sha256:8abb4ef79161a5f58848b30ab6fb98d8c466da21fdd65558ce1d7afc02c70b5f  --hash=sha256:e0d38fa0a75f65f556fb912f2c6790d1fa29b7dd27a1d9cc5591b281321eaaa9
pytz==2017.3 --hash=sha256:80af0f3008046b9975242012a985f04c5df1f01eed4ec1633d56cc47a75a6a48  --hash=sha256:feb2365914948b8620347784b6b6da356f31c9d03560259070b2f30cff3d469d  --hash=sha256:59707844a9825589878236ff2f4e0dc9958511b7ffaae94dc615da07d4a68d33  --hash=sha256:d0ef5ef55ed3d37854320d4926b04a4cb42a2e88f71da9ddfdacfde8e364f027  --hash=sha256:c41c62827ce9cafacd6f2f7018e4f83a6f1986e87bfd000b8cfbd4ab5da95f1a  --hash=sha256:8cc90340159b5d7ced6f2ba77694d946fc975b09f1a51d93f3ce3bb399396f94  --hash=sha256:dd2e4ca6ce3785c8dd342d1853dd9052b19290d5bf66060846e5dc6b8d6667f7  --hash=sha256:699d18a2a56f19ee5698ab1123bbcc1d269d061996aeb1eda6d89248d3542b82  --hash=sha256:fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7
simplegeneric==0.8.1 --hash=sha256:dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173
six==1.11.0 --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb  --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9
sqlparse==0.2.4 --hash=sha256:d9cf190f51cbb26da0412247dfe4fb5f4098edb73db84e02f9fc21fdca31fed4  --hash=sha256:ce028444cfab83be538752a2ffdb56bc417b7784ff35bb9a3062413717807dec
tornado==4.5.2 --hash=sha256:62a5d4c66bf4e86d25a02e9de97293860b59e61f9c465e80336ba0fc308aacf6  --hash=sha256:f109c066411c44bcd3bc877267b45feb8e29092ede59dd0582739444c2344b00  --hash=sha256:e66f47db4753c6f6849af1f82f04bdc7d2c1f5d64b7cc11ddd17230295c8887f  --hash=sha256:2b40720a7b164848ca5c51fab0feac7e3717adcb87bec77f81f7809b72bf7f56  --hash=sha256:1fb8e494cd46c674d86fac5885a3ff87b0e283937a47d74eb3c02a48c9e89ad0
traitlets==4.3.2 --hash=sha256:c6cb5e6f57c5a9bdaa40fa71ce7b4af30298fbab9ece9815b5d995ab6217c7d9  --hash=sha256:9c4bd2d267b7153df9152698efb1050a5d84982d3384a37b2c1f7723ba3e7835
wcwidth==0.1.7 --hash=sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c  --hash=sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e
git+https://github.com/kakulukia/django-post_office.git#egg=django-post-office
git+https://github.com/kakulukia/pypugjs.git#egg=pypugjs

[kennethreitz]

intended behavior

[therefromhere]

Hi @kennethreitz , so does that mean that things like Django version constraints are should be duplicated between the [dev-packages] and [packages]?

Failing example based on @jsatt 's from #1137 (comment) , with pipenv==9.0.1

Pipfile:

[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[requires]
python_version = "3.6"

[dev-packages]
django-debug-toolbar = "==1.9.1"

[packages]
django = "==1.8.18"

$ pipenv install
Creating a virtualenv for this project…
...
$ pipenv graph
Django==1.8.18
$ pipenv install --dev
Installing dependencies from Pipfile.lock (7d3083)…
$ pipenv graph
django-debug-toolbar==1.9.1
  - Django [required: >=1.8, installed: 2.0]
    - pytz [required: Any, installed: 2017.3]
  - sqlparse [required: >=0.2.0, installed: 0.2.4]

Which seems wrong - I would expect [packages] to act as a constraint on [dev-packages].

Adding the django version explicitly to [dev-packages] does resolve this, but it seems like unnecessary duplication.

Pipfile with duplicated Django version

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[requires]

python_version = "3.6"

[dev-packages]

django-debug-toolbar = "==1.9.1"
django = "==1.8.18"

[packages]

django = "==1.8.18"

$ pipenv install --dev
Installing dependencies from Pipfile.lock (2197ef)…
$ pipenv graph
django-debug-toolbar==1.9.1
  - Django [required: >=1.8, installed: 1.8.18]
  - sqlparse [required: >=0.2.0, installed: 0.2.4]
pytz==2017.3

Can you confirm?

[jquense]

this is really terrible intended behavior. You'd think an ecosystem that desperately struggles from terrible dependency management would be a bit more open to doing what literally all modern package managers do instead of insisting on being special and different.

[kennethreitz]

we may strive to improve this in the future, but that's far down the road from now, based on the way things are built currently

[kennethreitz]

believe it or not, these tools are complicated, and such a feature request is far from trivial. if you'd like to contribute code to fix this, please do so.

[taion]

Can you clarify, then, whether this is an intentional design decision or not? pypa/pipfile#100

[jquense]

I'm sure more people would be willing to contribute if reasonably detailed issues documenting suboptimal behavior (and asking if it should be different) weren't closed with single sentence responses claiming the behavior is working as designed

[techalchemy]

@jquense it may be closed with only a single sentence but there is significant internal dialogue about how to handle these kinds of issues. This is ongoing and we are continuing to discuss

[taion]

@techalchemy

This really isn't the first time issues here with significant UX implications have been closed with minimal feedback, and no indication on whether PRs are welcome, or whether the current behavior is as intended: #966

These really aren't even difficult things to do – a fairly thin wrapper around the stuff that's already available in pip-tools is sufficient, and we've built proof-of-concepts internally that don't make people who have used other locking package managers scratch their heads in confusion wondering why Pipenv does weird things around managing dependencies that aren't what people expect.

... meanwhile, Pipenv does stuff nobody really asks for like bundling Flake8.

It's not like the community isn't able or willing to submit PRs here, but closing the issue with:

working as intended

And then saying:

if you'd like to contribute code to fix this, please do so.

... really makes me far more inclined to build a better version of this tool that's driven by actual experience with good package managers that I enjoy using.

You are violating your own code of conduct here: https://www.kennethreitz.org/essays/be-cordial-or-be-on-your-way

[kakulukia]

I think nobody argues about package management being difficult to implement. It’s just the comment that should have said:

expected behavior due to current design decisions

And it should point to a well documented issue where the cause of this is explained so that people might be able to jump right in and fix it, because it sounds like @kennethreiz kinda knows why this is happening.

And I still refuse to believe pipenv is actually intended to work that way! So for my part I read „currently intended behavior - about to change, but may not that soon“. Thanks for the good work so far. And please open a known issue ticket yourselves so that people know about you internal discussions rather than reading that you ignore kinda serious problems.

Im willing to help out here. Please give us some hints!

[taion]

To be entirely clear here, you can get a sense of how involved we've been in the OSS community from our GH profiles – and that's in using, maintaining, and contributing to projects.

I don't believe I've ever had as intensely unpleasant experiences with anybody in OSS as with @kennethreitz in my three brief interactions with him:

• Updating only one locked dependency #966 (comment)
• Pipenv ignores conflicts between default and development dependencies #1137 (comment)
• Pipfile.lock should use flat collection of dependencies pipfile#100 (comment)

And that includes the time I, as a maintainer, made a hostile fork of a project with something like a million downloads a month.

[kakulukia]

Maybe another person wrote the code of coduct and he just posted it without even reading it .. i like the essay! Maybe its just time for a little time off to lower the general annoyance level?

[kennethreitz]

@taion i'm sorry you feel you've had negative experience by my lack of verbosity when responding. There are dozens and dozens of tickets to respond to, and I have a limited amount of time. None of my responses were non-cordial, they were simply terse. There's a big difference.

This is a free project done by volunteers who are extremely constrained on time. Contributions are much more welcome than requests for changes, which is why these issues keep getting closed. We're having a hard time keeping up, at the moment, with our small team (which is growing), and we have to pick and choose our battles.

Pipenv strives to be an ideal tool, and in many ways, it is. But, if we cater to every incoming request with either allowance or excruciating detail of why we aren't going to persue that option at this time, we'd have no time to work on the code itself.

If you'd like to help contribute to this project, please do so!

[kennethreitz]

@taion another reason why details aren't given is because they simply aren't available at this time — if we had all the answers for the future, we'd either be implementing it or sharing it when appropriate. When terseness is present, it is because the future is unclear, the feedback is noted, and we will continue to toil away at the tool to improve it and iterate on it as we best see fit.

This is a project done by individuals, not a piece of software owned by a community that is responsible for it's direction. We, the maintainers, and I, the creator of this project, are solely responsible for the direction of this project and its future, and all feedback given is appreciated.

But it is simply that — feedback. A closed issue doesn't mean a solution will never come. It simply means it's off our immediate to-do list.

[taion]

@kennethreitz

I'm sorry, but your behavior is simply not consistent with your claims. The point of these issues is to solicit feedback from the community on what the correct behavior simply is. As a project maintainer, it's your responsibility to give a better answer than

I have no idea.

when asked about questions like #966 (comment).

Certainly it's within your right to say in cases like pypa/pipfile#100 (comment) that

this is contrary to the fundamental design of how pipenv works

but this is simply an extremely unsatisfying answer, given that your design there has directly caused this bug, and that it's contrary to how the other locking package managers on which you've modelled Pipenv work.

You've been around long enough to know how external contributions to OSS projects work, I hope. They don't work by closing discussions with "we're not going to fix this". And claiming that it's

intended behavior

is not just terse, it's dismissive and borderline rude.

[audiolion]

Hey so I ran into this issue this morning with the Django thing, I think this bug might have a pretty widespread impact because Django/django-debug-toolbar are a really common pairing and for all the people on 1.8/1.11 and py2 which are both still in LTS are going to run into this:

pip.exceptions.InstallationError: Command "python setup.py egg_info" failed with error code 1 in /var/folders/0b/phw6chc96r78hqbm56c0_w4r1ft3hs/T/tmpCbp0tabuild/Django/

and not really have any idea what is going on. As an experience python dev it took me half an hour to find this issue in the github issue tracker, a new pythonista who is using the pypa recommended pipenv will likely just be discouraged and frustrated. Perhaps an immediate to-do is to provide an error hint when this situation occurs and a link to documentation of how to fix it (mirroring packages in both dev and regular packages).

[kennethreitz]

I have no responsibility to anyone, I am giving away free software that you are free to use or not. Please take your attitude elsewhere.

---

Pipenv was not modeled after bundler, npm, yarn, cargo, composer, etc. But it took inspiration from them. It is in no way responsible for making the same design decisions they do. In fact, it seeks to do the opposite, in many cases.

---

It is important to remember that this ball is already rolling, making sweeping changes to the fundamentals of how things work at this point is out of scope, until our new senior developer, @ncoghlan joins the team next month to start taking the project "up a knotch".

Until then, you're going to have to be content with the (imo, excellent) software with which you are provided, even if it has quirks. Don't demand perfection, especially from volunteers. This shit is stressful, believe it or not.

[kennethreitz]

@audiolion install pipenv with python3. The documentation now makes this pretty clear, but we could do a better job of saying so.

[kakulukia]

@kennethreitz just out of curiosity: wouldnt it be more helpful for a known 'bug' to stay open so that people can find it?
This way it will stay visible for everyone having the same error that its hard to fix for the moment but its on the TODO (no matter at what position). Thus the same issue wont get posted over and over and it could be labled with 'help wanted' so future contributers can see whats on the TODO list. I dont get why an open bug gets closed just because it has no priority.

And i think you agree that it is a bug.
And there also is a workaroud available that should work in most cases, which will be found easier when the issue stays open.

[jquense]

If you are planning on running this project like a personal hobby project (you definitely can!) please don't also try and be the recommended packing solution for all of python. You of course can do whatever you want, but its silly and naive to think that people should expect nothing from you in terms of project management, attitude, or governance, while also trying to provide defacto standard core tooling for an entire PL ecosystem.

Its frustrating to see a much need thing being designed and managed by folks so embedded in their corner, that they are intent on ignoring the collective work of many folks in this space, as well as legitimate attempts by folks to contribute, turned away

[taion]

Good luck.

[kennethreitz]

As I said, the team is expanding, and we'll have more bandwidth in the coming months to take a different approach. Until then — be patient.

[kennethreitz]

@kakulukia if you think that's a good idea (which it is), please send a pull request adding a TODO file :)

[kennethreitz]

FYI this thread inspired me to write two posts today:

• http://journal.kennethreitz.org/entry/feeling-better
• http://journal.kennethreitz.org/entry/lots-o-things

[kakulukia]

@kennethreitz no you misunderstood me there .. i dont mean that anybody should be involved in managing a todo list.
I just thing its better to keep issues open .. probalby rename em to mimic the basic problem and tag em with github labels so people see a 'help wanted' label on harder tickets.

And those labeld tickets will BE the always up to date todo list (missing a priority tho).

Plus the added bonus of people not creating duplicates (fi they search first - i know its hard some times :D) or being able to maybe find a workaround or help tracking down the cause of the bug.
Much better than having hidden discussions.

Because that ticket being closed probaly wont catch my attention while im searching for ways to contribute.

[audiolion]

Thanks for the reads @kennethreitz , I think if people read these it will help them empathize with your situation. I won't deny that I have been frustrated by the terse responses or the closed issues with no comments before, but I also know that you are doing this with your own free time and have so much going on so when I consider that it is easy to quell those feelings and try to be respectful as possible.

Pipenv has started to be recommended as the tool to use and has come under higher scrutiny as a result. When things break between minor releases, when easter eggs cause crashes, when things break unexpectedly due to Pipfile lock resolution issues, it culminate in a lot of pressure due to the expectation that this is a product designed for everyone to use and should be the standard. I believe this is the source of frustration for many people who are spending many hours moving projects over to pipenv and updating docs and workflows for pipenv, to then run into showstopping bugs that are met with the aforementioned terse responses and closed issues. This signals to me at least that the product is not ready yet due to lack of resources and support and thus should not be advocated so highly until such time as it is ready.

[taion]

@audiolion That's a very solid proposal. Pipenv is definitely an improvement over using pip on its own, but as-is the experience is not really satisfactory compared to just using pip-tools directly.

[kennethreitz]

Or, you could, you know, offer to join the team :)

[taion]

@kennethreitz

I'd be happy to submit PRs, but as-is you haven't provided any actionable feedback on ways to proceed.

So I'll ask again – what is the intended behavior here, in #966 (comment), and in pypa/pipfile#100?

I'm not asking you to code these features. We're fully capable of doing that on our own – but as the project maintainer, the onus is on you to say what the intended behavior actually is.

[jquense]

Ditto ^

[kennethreitz]

You guys just don't take a hint do you?

[ncoghlan]

While I'm not fully back from vacation yet (and won't be until next week), I've posted a proposal at #1255 that should allow these conflicts to be detected when installing the dev packages, while still respecting the underlying architectural limitations that make it difficult to re-use the dependency flattening techniques adopted by other ecosystems.

[kennethreitz]

i just took a stab at this fdebdc3

[kennethreitz]

should be fixed in master