undefined | Better HN

0 pointsTechBro86152y ago0 comments

Now wait two years, run the same command, and see what happens.

0 comments

ptx2y ago

What are you implying will happen?

Using the built-in tools, you can save the exact versions of dependencies (i.e. a lock file) using "pip freeze >dependencies.txt". This should give you the exact same set of packages in two years' time.

If you want to be even more sure, you can also store hashes in the lock file. This has to be generated by a separate tool at the moment [1][2] but can be consumed by the built-in tools [3], so "pip install -r requirements.txt" is still all you need in two years' time.

This is also explained in the pip documentation [4].

[1] https://github.com/pypa/pip/issues/4732

[2] https://pip-tools.readthedocs.io/en/latest/#using-hashes

[3] https://pip.pypa.io/en/stable/topics/secure-installs/#hash-c...

[4] https://pip.pypa.io/en/stable/topics/repeatable-installs/

j / k navigate · click thread line to collapse