-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Handling new distributions added after locking #3022
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
You are correct that Pipenv should do this, ideally, but Pipenv leverages a lot on pip, which does not support this. I am already working on pip internals to extract logic so we can do this, but this is not as easy as you might imagine. |
I believe it's not really that hard, we just need to define the desired behavior first (which will require a If not, we have some options:
|
Just to clarify: My “this is not as easy as” comment was for “working on pip internals”, not the issue itself. |
Well I think we can outline what we want as a desired behavior pretty easily. The hard part will be getting consensus and implementation |
(Sorry, commented on the wrong issue) |
A few days ago, the
zope.interface
maintainers added some new distributions to their4.5.0
release. This broke our builds, becausepipenv install
downloaded the newcp36-manylinux1
wheel, which did not match any of the saved hashes.Ideally,
pipenv
would not attempt to download any distribution that does not have a hash in the lockfile. This may not be easy without work on pip's side (pypa/pip#5874), but I wanted to bring it to your attention.The text was updated successfully, but these errors were encountered: