Christian Theune

pip-tools looks definitely interesting for this. The filenames are a little bit different from what we currently use. Do you know whether they properly support editable and version control dependencies?

I did update the install/bootstrap stuff and some general consistency for batou 2. But I haven't managed to go through the whole changelog and update the docs. I'm deferring that...

The alternative is to not use "==" if no version is given. I personally prefer being explicit and always pinning, but I'm not sure whether this removes flexibility that might...

We could allow adding (multiple) URLs (to the encrypted file? to the public environment file?) that provide SSH public keys and are refreshed during re-encryption (but can work with the...

When updating the public keys we should record them (and commit them) in the encrypted file as a cache. When re-encrypting we should try to update but allow for offline...

Public directory API is somewhat of a confidentiality issue where an RG needs to have a token instead of a a guessable name. /rg///... (users|login|sudo-srv|...).pubkeys

This is Python 3.10, right?

The current implementation looks quite good already. Notes to do from the review: * [x] support creating new environments with age (use `secrets-provider = age|gpg` and default to gpg in...

Oh this could also be interesting to solve the other problem. We might just use `git ls-tree` if available to determine the list of files to sync.

See also https://yt.flyingcircus.io/issue/FC-23972 And @sysvinit has been bitten by execnet rsync not deleting things also.