-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ignore installed packages during solving #9851
ignore installed packages during solving #9851
Conversation
@dimbleby doesn't this break the case where system site packages are used for packages that are only available via os package management? While this is not an explicitly supported case, we have been relaxed on such scenarios - this change will start breaking those cases. Might not be a bad thing, just raising this as I have seen this workaround being used in the wild by some clients of mine - particularly for packages with native extensions. In a away would be good to see if anyone complains and if so, we might need to figure out a better way to support a "system"or "external" source more explicitly when the behavior is desired. |
in such cases: just do not declare the dependency indeed - if such cases even exist - declaring a dependency on such a package would open the door to horrors where I publish a package with a name that deliberately clashes with your system package. Then poetry will upgrade that package and break your system. |
Can you add a small FAQ entry for this (why installed packages are not used) as well so we can point to it when inevitably it comes up in an issue? |
I am not sure that I believe there even are any such cases: in that context I expect zero questions about it rather than frequent questions! Do you have any examples? Without a concrete example I fear that a FAQ would have to be written rather abstractly... I think I would suggest deferring FAQ entries until such time as the question is frequently asked. |
Ah, perhaps we are at cross-purposes. I doubt that the os-package-manager-only case exists, but maybe you think a FAQ is worthwhile anyway for the more likely case of local development? Even then I would propose starting with a changelog / release note entry and promote that only if and when there are frequent questions. But I can leave some helpful text here for when that changelog comes, perhaps something like:
|
Sorry, should have been a bit clearer there. I was thinking about the "developing against unreleased packages" case, not the system package case. The latter is definitely rarer, I agree. I am okay with deferring it if you reckon that is not a common enough scenario. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving this as I concur with the rationale that installed packages should not be a source of truth when solving. Doing so is decidedly an anti-pattern.
If, in the future, there is a legitimate reason to use a source for package metadata that is not already a valid source, this must be implemented as a new source type with explicit details around how it gets handled.
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
fixes #8328, #9774
Currently-installed packages have no place in the locking process. Folk who are doing development against unreleased projects can and should use a path dependency, or a git dependency, or a dependency on a private index, or a privately built wheel