Always show version in pip command #9449

Open
wants to merge 1 commit into
base: main
bfirsh commented Apr 30, 2021

The most common reason I find myself going to PyPI is to find the latest version to copy & paste into my `requirements.txt`. It'd be really nice if the main package page had the string that goes into `requirements.txt`. What I usually do is copy and paste the title, and edit the space to be `==`.

ewjoachim (Contributor) commented Apr 30, 2021

Pinning all the dependencies isn't always advisable, because you'll likely miss security updates. Have you, by any chance, considered using pip-compile or a similar tool (poetry, pipenv, ...) to maintain a requirements.in file without pinning, and have a tool take the hassle of adding the pins for you? Additionally, you'd get hashes for free.

bfirsh (Author) commented Apr 30, 2021

Yes, and I use those in some of my projects.

I am thinking of this mainly from an average user's point of view. The vast majority of people (I think) use plain old requirements.txt, and not those tools, so that seems like the use-case worth supporting.

For most software being developed continuously inside a company or whatever, users probably always want to specify a precise version, because they want complete control over when they ship security updates. From my experience this is true -- all serious Python projects I've worked on just have requirements.txt with specific versions pinned.

In my case, I also use Dependabot to trigger security updates in a controlled way, and it only works with requirements.txt files with specific versions.
