Add CEP for frozen environments #99
Conversation
|
Something like this plugin (which uses a |
|
I wonder if what you had in mind for pixi itself. I assume it should add the frozen file to the environments it creates to prevent other tools to modify it. But should it also respect environments that have this file and not modify them? With regard to the base environment, when will the frozen file be added? Will a user, after adding it, always have to pass an override flag? |
Oh yes, I need to add this to the CEP references. It's essentially what conda-protect does, but with some inspiration for EXTERNALLY-MANAGED. I envision that conda-protect could be updated to honor this
Correct.
Yes. Modifications should only be allowed with some manual override. We are trying to prevent users from shooting themselves in the foot, mostly by accident. But AFAIK, pixi does not really modify foreign environments, does it? |
Hm should we add a |
I was wondering about it but the equivalent PEP was kept deliberately simple. If the tool that froze the environment was to "sign it", then it can do so in the text message. The timestamp can be obtained from the modification time on disk too. I have nothing against adding the keys, but I want to make sure we are not falling into premature optimization with extra keys. |
🔎 Check Markdown preview.