Matt Davis

@xyxz-web hash collection of all packages is a specific feature of pypi. There is no API into private pypi servers for collecting the set of hashes, and I suspect that...

> I think this is a really important problem to solve right now. I agree with you, it is becoming higher on the list of priorities and we have tackled...

@januszm Thanks I will take a closer look at that later, fwiw, I think you may be actually installing pre-built wheels for the platform. For example, there are prebuilt arm64...

@drorata I am not sure how the markers are making it into your Pipfile for numpy ... I just locked on many different systems numpy, on windows, linux VM, Mac...

Also noting to the larger group that I am unable to reproduce getting not the full set of hashes for some of these packages on `pipenv==2022.8.24` -- I tried multiple...

@thehesiod That is really complicated, I mean perhaps possible to specify all that to the pip resolver, but never the less couldn't your example be boiled down to this for...

I spent some time on this today and what I found was somewhat discouraging -- internal to the pip resolver the markers of transitive dependencies are processed and those requirements...

I am thinking that named categories may help out with this issue -- See: https://github.com/pypa/pipenv/pull/5366 For example: ``` $ cat Pipfile [[source]] url = "https://pypi.org/simple" verify_ssl = true name =...

@thehesiod The problem is you cannot create the pipenv locks on the system you are not on for transitive dependencies or sdists that need to be built on that specific...

I am using the master branch, actually my branch that upgrades pip to 22.x, but I am getting that is not a valid command: ``` matteius@matteius-VirtualBox:~/shared-projects/pipenv-triage/pipenv-4973$ pipenv install --system --python...