How do I specify that a package is installed from conda?
It says "A dependency source can be a Git repository, a URL, a local path, or an alternative registry."
Conda is a registry, but I couldn't find information about how that works. I'm assuming it specifically means a PyPI-like registry?
(Even worse would be if I have a package which used ctypes to use a shared library installed by a C package available through a distro package index.)
Reading your [2], I see uv will have problems with a package of mine. I have an old version on PyPI, but years ago I switched to hosting newer releases on my own server. (I believe PyPI's intermediation makes my sales pipeline worse.)
This works with pip, because it sees my version is newer than the one on PyPI, but for uv it will require 'unsafe-best-match', or 'unsafe-first-match' with my server before PyPI.
And since that value is set through an environment variable, it means people will need to unset it for other uses.
Meh. I've documented that my server is not meant for high availability, and anyone who wants that should purchase a source license and host it themselves locally. That's what I would have to do if I were to switch away from my current persistent venv.
BTW, pip's constant check for updates means that this year 88 people have trusted me to not update their pip installs. For that matter, I see some dependabot checks for certifi, aiohttp, and more - what an excellent way to raise some false alarms.
It says "A dependency source can be a Git repository, a URL, a local path, or an alternative registry."
Conda is a registry, but I couldn't find information about how that works. I'm assuming it specifically means a PyPI-like registry?
(Even worse would be if I have a package which used ctypes to use a shared library installed by a C package available through a distro package index.)
Reading your [2], I see uv will have problems with a package of mine. I have an old version on PyPI, but years ago I switched to hosting newer releases on my own server. (I believe PyPI's intermediation makes my sales pipeline worse.)
This works with pip, because it sees my version is newer than the one on PyPI, but for uv it will require 'unsafe-best-match', or 'unsafe-first-match' with my server before PyPI.
And since that value is set through an environment variable, it means people will need to unset it for other uses.
Meh. I've documented that my server is not meant for high availability, and anyone who wants that should purchase a source license and host it themselves locally. That's what I would have to do if I were to switch away from my current persistent venv.
BTW, pip's constant check for updates means that this year 88 people have trusted me to not update their pip installs. For that matter, I see some dependabot checks for certifi, aiohttp, and more - what an excellent way to raise some false alarms.