Explicitly fill in requirements.txt for our Python projects?

  softwareengineering

As a user of pip install package and then pip freeze > requirements.txt, I was surprised to see a requirements.txt like this:

# Flask
# License: BSD
# Upstream url: http://github.com/mitsuhiko/flask/
# Use: For API.
Flask==0.10.1

# Flask Scripting support for Flask
# License: BSD
# Upstream url: http://github.com/techniq/flask-script
# Use: For CLI scripts.
Flask-Script==2.0.5

They have taken care to specify packages they need in specific versions. In contrast, (my usage of) pip freeze will bloat the file with dependencies as well, and versions may not be tightly controlled.

Is there a good reason to explicitly fill in the requirements file instead? I can think of:

  1. easier to remove packages when obsoleted, hence fill in requirements “by hand”
  2. at scale, subtle bugs in API-compatible later versions can cause trouble, hence the version freeze

2

To overcome the complexity of requirements.txt you could use VirtualEnv. It isolates project dependencies from the rest of the system. As a side effect pip freeze will only print out dependencies that are relevant to your project.

But in general, you use pip freeze only once and then maintain requirements.txt manually.

1
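As an added example (not part of the original question or answer): a short Python script that compares a hand-maintained requirements.txt with pip freeze output, listing direct entries not pinned to one exact version, packages installed only as transitive dependencies, and pins that differ from what is installed. Both sample files and all function names are constructed for illustration.

```python
import re

# Constructed sample: a hand-maintained requirements.txt (direct dependencies only).
DIRECT = """\
# Flask
Flask==0.10.1
Flask-Script==2.0.5
requests>=2.0   # constructed loose pin, for illustration
"""

# Constructed sample: what `pip freeze` might print inside the same virtualenv.
FROZEN = """\
Flask==0.10.1
Flask-Script==2.0.5
itsdangerous==0.24
Jinja2==2.7.3
MarkupSafe==0.23
requests==2.5.1
Werkzeug==0.9.6
"""

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def normalize(name):
    """PEP 503 name normalization, so Flask_Script and flask-script compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse(text):
    """Return {normalized_name: specifier}, ignoring comments and blank lines."""
    reqs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # skip options such as -r / -e
            continue
        m = _REQ.match(line)
        if m:
            reqs[normalize(m.group(1))] = m.group(2).replace(" ", "")
    return reqs

def audit(direct_text, frozen_text):
    """Compare declared requirements with the frozen environment."""
    direct, frozen = parse(direct_text), parse(frozen_text)
    exact = re.compile(r"^==[^*,]+$")          # one exact version, no wildcard
    return {
        "loose": sorted(n for n, s in direct.items() if not exact.match(s)),
        "transitive": sorted(set(frozen) - set(direct)),
        "drift": sorted(n for n, s in direct.items()
                        if exact.match(s) and n in frozen and frozen[n] != s),
    }
```

Calling audit(DIRECT, FROZEN) on the samples reports requests as loosely pinned and the four packages pulled in by Flask as transitive, which is the difference between the hand-written file and the pip freeze output discussed above.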
