Know what you install: Extra PyPI indices

This is a post in a series that explains potential issues related to dependencies. It does not attempt to explain all nuances of package management and supply chain security, but can serve as an introduction to some Python-specific parts. In this post, we will go through what happens when you use pip together with multiple indices and show problems related to it. You can find all posts in the series here...

December 4, 2023

Know what you install: Install a package

This post is the first in a series that explains potential issues related to dependencies. It does not attempt to explain all nuances of package management and supply chain security, but can serve as an introduction to some Python-specific parts. In this post, we will go through what happens when you install a package and how to specify a version. We will also go through the dependency resolution that happens when pip tries to find compatible versions and lastly a short explanation about distribution formats....

November 15, 2023

Updates in Python template

I have just updated my Python project template cookiecutter to use PEP 621/“metadata in pyproject.toml” as well as other minor fixes. The template is “reasonably modern”, meaning that it is using the latest standards, but still relying on tested and stable tools. For projects with many collaborators and where stability is important (e.g., work), I think this is the best approach. I do like testing new package managers, tools and linters in my own projects with no other developers....

September 28, 2023

Compile and use dependencies for multiple Python versions in Tox

This post shows a way to easily compile and use requirement files for multiple Python versions in tox. The gist is to use the tox environment names and {envname} variable to generate and reference the requirement files. I plan to expand my thoughts about dependency management and compiled requirements in future posts and this post therefore only contains a small motivation why you should compile. Why compile dependencies? Compiled dependencies are mainly a tool for services or other Python code that will be deployed in one way or another....

August 1, 2023

Hello world

Hello world, and welcome to my new blog. This blog is an attempt to write down something interesting from my thoughts. Let’s see how this goes.

August 1, 2023