Comments (8)
Yeah, there's a lot of weird interactions here between different features that were never really intended to be used together. If we had a clean slate, a lot of these things would simply never have been allowed - but it's too late for that now as people are using them, and we have to do the best we can to find sane and maintainable solutions...
from pip.
(This may be a duplicate of #10216)
from pip.
The problem is that if we were to install humanize
from the URL you give, that would work now. But suppose someone updates humanize
in a way that breaks compatibility with your bug
package. The editable install means that the code change would be picked up and your environment would be broken.
In general, you shouldn't depend on code at a "changeable" URL like a git branch head, but you should rather depend on a specific commit. That avoids your dependencies breaking unexpectedly. It's hard to say more with only an artificial example to go on. But the basic answer is that "you shouldn't be doing this". Either you should be avoiding dependencies on URLs that don't point to a fixed commit, or you shouldn't be using editable installs.
Making this "work" (in some sense) would be a rather significant change to how pip models dependencies, and I don't think it's something we'd want to do just to support a usage which is at best questionable.
from pip.
The problem is that if we were to install
humanize
from the URL you give, that would work now. But suppose someone updateshumanize
in a way that breaks compatibility with yourbug
package. The editable install means that the code change would be picked up and your environment would be broken.
I agree - but isn't that the point of editable install from Git?
In general, you shouldn't depend on code at a "changeable" URL like a git branch head, but you should rather depend on a specific commit. That avoids your dependencies breaking unexpectedly. It's hard to say more with only an artificial example to go on. But the basic answer is that "you shouldn't be doing this". Either you should be avoiding dependencies on URLs that don't point to a fixed commit, or you shouldn't be using editable installs.
Point taken, but the URL being "changeable" is not the issue here, I believe. I can reproduce the same behavior with more specific URLs:
pyproject.toml
[project]
name = "Bug"
version = "0"
dependencies = [
"humanize @ git+https://github.com/python-humanize/humanize@b1e5d43c6fd44dbaf0ad86339f63bfa04982d707#egg=humanize",
]
and
pip install -e . -e git+https://github.com/python-humanize/humanize@b1e5d43c6fd44dbaf0ad86339f63bfa04982d707#egg=humanize
Making this "work" (in some sense) would be a rather significant change to how pip models dependencies
Accepted. In that case, I think the error message might use improvements.
I don't think it's something we'd want to do just to support a usage which is at best questionable.
(I am not sure that argument still hold in light of commit-based URLs.) But again, if pip
does not support that, it could be make more transparent to the user. I think that is my main point.
from pip.
In that case, I think the error message might use improvements.
Sure. In which case, a PR would be welcomed.
from pip.
One more comment now that I have read #10216 (comment), where you wrote "two repositories": my expectation was that pip
recognizes the two repositories being the same, and applying -e
from the command-line override to the to-be-installed dependency. Hence installing humanize
only once, in editable mode, which should satisfy "both" requirements (the pyproject.toml
one and the command-line one).
from pip.
(And I think #11899 would give me exactly that.)
from pip.
Presumably duplicate #12502, #12520
Did something change or did everyone just decide this was a good time to try this?
Or perhaps folk have just got worse at looking for duplicates...!
from pip.
Related Issues (20)
- [RFC] Making the changelog audience-oriented HOT 2
- Update urllib3 to 1.26.18 or above HOT 1
- A problem HOT 2
- `Failed to get local issuer certificate` error with pypi.org
- Add the OpenSSF Scorecard Github Action HOT 16
- clamav recognizes `pip-24.0-py3-none-any.whl` as malware HOT 7
- pip freeze crashes when PATH is incorrect HOT 1
- Error trying to install postorius HOT 2
- Uninstalls happen in incorrect order, resulting in broken packages HOT 1
- telegram.ext HOT 1
- -vv is not passed to build env install subprocesses
- How to use the `` --config-settings`` on the requirements HOT 1
- zsh: command not found: pip HOT 2
- Documentation inconsistency in #DependencyResolution chapter HOT 1
- CodeQL SAST scanning for pip repository HOT 1
- `pip install *.tar.gz[optional_dep]` cause glob to fail HOT 3
- Cache wheel files retrieved from HTTP cache
- Performance Issue: Too many hashes in RequirementPreparer
- `pip debug` causes `AttributeError` in Python 3.13
- Strange backtracking HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pip.