Paul Moore

I don't think pip should be pushing users to upgrade their Python installation - that feels backwards to me. I'm happy with our current policy of dropping support for Python...

It’s not so much a matter of not our problem, more a case that I’d want the core team to take the lead on any effort to get people to...

This looks like pip is expecting its cache directory to be in a different place than the default. Did you at any stage move your Python installation from one drive...

I agree with @ichard26 - we should prioritise correctness over performance. Claiming there is no solution when there is one, is a bug, and we should prioritise fixing that even...

> Here's to another day where I am annoyed that botocore has thousands of releases... even if it keeps us honest. I'll be blunt, I think that "thousands of releases"...

> Setting aside the problem of thousands of releases, these complex dependency graphs naturally arise from how Python packaging handles dependencies. Agreed 100%. I'm not trying to minimise the complexity...

For abuse, how about a sdist that included an index URL in its `pyproject.toml` alongside a build requirement that *looked* OK, but was substituted with malicious code on the replacement...

> This proposal is for local projects, not packaged ones Sorry, I'd missed that. How would it work then? Would pip have to change its config settings mid-run, when it...

> in this case the pyproject.toml "x.tool" section should only really appy to build backends, not to frontends using it That was the original intention. Unfortunately (or fortunately, depending on...

> Wondering if models.pylock is good enough to become a standalone lib... ... or maybe as part of the `packaging` library?