Developing for pipx install in light of PEP 751 (lock files again)

[itcarroll]

I would like to know whether PEP 751 is being considered by pipx developers and how pipx might use the proposed "pylock.toml" file.

The PEP rational begins "The format is designed so that a locker which produces the lock file and an installer which consumes the lock file can be separate tools." Because package locking is a need for Python applications and pipx is a (the?) primary PyPA project for installing Python applications, I guess pipx should be a consumer of lock files. Is that planned?

One thing I'm not clear on with the PEP is whether "pylock.toml" is meant to be part of an application package (i.e. in the distribution on pypi). Is that the idea? How else would pipx get to consume it?

[guillermodotn]

The pylock.toml file is meant for environment management rather than packaging. As such, I don't see it being included in tools like pipx, as this file isn't part of Python packages themselves. It's more relevant during the development phase.

That said, other PyPA projects like virtualenv would really benefit from this proposal, as they focus on environment management.

Regarding the possibility of future inclusion, it might make sense if the standard were adopted for scenarios where you install a package directly from a version control system (VCS) URL, with a command like:

pipx install VCS_URL

This could provide a way for pipx to consume the lock file in the context of a development environment setup.