6

As a user of pip install package and then pip freeze > requirements.txt, I was surprised to see a requirements.txt like this:

# Flask
# License: BSD
# Upstream url: http://github.com/mitsuhiko/flask/
# Use: For API.
Flask==0.10.1

# Flask Scripting support for Flask
# License: BSD
# Upstream url: http://github.com/techniq/flask-script
# Use: For CLI scripts.
Flask-Script==2.0.5

They have taken care to specify packages they need in specific versions. In contrast, (my usage of) pip freeze will bloat the file with dependencies as well, and versions may not be tightly controlled.

Is there a good reason to explicitly fill in requirements file instead? I can think of:

  1. easier to remove packages when obsoleted, hence fill in requirements "by hand"
  2. at scale, subtle bugs in API-compatible later versions can cause trouble, hence the version freeze
Ixrec
  • 27,621
  • 15
  • 80
  • 87
Jesvin Jose
  • 257
  • 1
  • 9
  • Are you asking if you should manually construct requirements.txt *instead of* using `pip freeze`, or if you should manually *maintain* the requirements.txt file *after* using `pip freeze` to generate it? – Ixrec Dec 22 '15 at 11:47
  • 1
    @Ixrec its if I should manually construct requirements.txt instead of using pip freeze – Jesvin Jose Dec 22 '15 at 12:17

1 Answers1

2

To overcome the complexity of requirements.txt you could use VirtualEnv. It isolates project dependencies from the rest of the system. As a side effect pip freeze will only print out dependencies that are relevant to your project.

But in general, you use pip freeze only once and then maintain requirements.txt manually.

synthomat
  • 256
  • 1
  • 5
  • 1
    Just be aware that `pip freeze` will write out __all__ off the installed packages. This will include dependencies of your dependencies. It's best to only list your direct dependencies so there are not issues when you update the version of a dependency which changes its own dependencies. – unholysampler Jul 19 '16 at 17:00