Most of the "requirements.txt" I come across in the real world do not actually l... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		closeparen on Aug 24, 2020 \| parent \| context \| favorite \| on: Challenge to scientists: does your ten-year-old co... Most of the "requirements.txt" I come across in the real world do not actually lock down all deps to Python 2.7 compatible versions. I've been able to get most of them running again, but it's a long porcess looking through changelogs to find the last 2.7-compatible version of each dependency.

hobofan on Aug 24, 2020 [–]

Yes, because the "requirements.txt" is a dependency requirements file and not a lockfile. It took the Node.js ecosystem an embarrassingly long time to arrive at that insight, and I feel like the Python ecosystem/community still isn't there yet (though finally it's easily usable with Poetry).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact