
Commit 4b8c241

Update README.md
Add footnote describing issue with credentials
1 parent 5199559 commit 4b8c241


1 file changed

+5
-2
lines changed


README.md

Lines changed: 5 additions & 2 deletions
@@ -105,7 +105,7 @@ $ venv install requirements.txt
105105
```
106106
are equivalent.
107107

108-
The installed packages are then _locked_ into the corresponding `.lock`-file, e.g. running `venv install dev-requirements.txt` will lock those installed packages into `dev-requirements.lock`.
108+
The installed packages are then _locked_ into the corresponding `.lock`-file, e.g. running `venv install dev-requirements.txt` will lock those installed packages into `dev-requirements.lock`[^1].
109109

110110
Installing packages this way makes sure that they are tracked, since installing them with `pip install` will keep no record of which packages have been installed in the environment, making it difficult to reproduce later on.
111111

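Review bot: On new line 108 the `[^1]` marker sits between the closing backtick of `dev-requirements.lock` and the period, and the sentence still says the installed packages are locked without any qualification. The footnote is about credentials being left out of VCS URLs, so consider saying that in the sentence itself, for example "(credentials in VCS URLs are not written to the lock file[^1])", so a reader who skips footnotes does not assume the lock file is complete.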
@@ -126,7 +126,7 @@ matplotlib
126126
The `-r requirements.txt` will make sure that installing development requirements also install production requirements.
127127

128128
## Reproducing environment
129-
To install a reproducible environment, you need to install from a `.lock`-file, since those have all versions of all requirements locked. From a clean environment (no packages installed yet), run
129+
To install a reproducible environment, you need to install from a `.lock`-file, since those have all versions of all requirements locked[^1]. From a clean environment (no packages installed yet), run
130130
```console
131131
$ venv install requirements.lock
132132
```
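Review bot: New line 129 tells the reader to run `venv install requirements.lock` from a clean environment, but the caveat that matters for this step is only reachable through `[^1]`. A lock file that contains an authenticated VCS requirement carries no credentials, so the reproduce step depends on something outside the lock file. State that prerequisite next to the command (credentials available through `.netrc`) rather than leaving it to the footnote.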
@@ -185,3 +185,6 @@ Releases are made by creating a branch `release/vX.X.X` from `develop`, where `X
185185
## License
186186

187187
[MIT](https://choosealicense.com/licenses/mit/)
188+
189+
[^1]: A current limitation of using `pip freeze` under the hood is that installing packages from a version control system (VCS) URL that requires authentication, e.g. `private_package @ git+https://USERNAME:[email protected]/my-user/private-package`, the authentication is not locked (see https://github.com/pypa/pip/issues/12365).
190+
These credentials can either be inserted manually into the generated `.lock`-file, or the credentials can instead be stored in a `.netrc` file, which `pip install` will then reference when running `pip install`: https://pip.pypa.io/en/stable/topics/authentication/#netrc-support
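Review bot: Line 190 lists inserting the credentials manually into the generated `.lock`-file as the first workaround, but that is the file the README tells others to install from when reproducing the environment, so it is likely to be committed and shared with plaintext credentials in the URL. I would make `.netrc` the recommended option and either drop the manual-edit option or add that an edited lock file must not be committed. On wording: the sentence on line 189 does not parse ("is that installing packages from ... , the authentication is not locked"), and "which `pip install` will then reference when running `pip install`" repeats itself.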
