I am raising this to inquire what the maintainers think about transitioning from `requirements.txt` to `pyproject.toml`.
My understanding is that more and more tools in the Python ecosystem are transitioning to centralizing all project development config within `pyproject.toml` as specified in PEP 518.
By switching to `pyproject.toml` the project would get:
- increased interoperability with more Python tooling
- the ability to move config files like `pytest.ini` into the `pyproject.toml` file and centralize configuration for development tooling
- standardized dependency groups according to PEP 735 instead of separate requirements files
- more flexibility regarding specifying versions of dependencies
- the ability to remove `setup.py`. My understanding is that `setup.py` is older and historically has had security concerns due to allowing arbitrary code execution during build time.
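The dependency-group part of such a migration, as an added example that is not part of the original issue or the project's code: it turns requirements files into a PEP 735 `[dependency-groups]` table and refuses lines carrying pip options such as `--hash`, which a group cannot express. The function names, the `requirements-<group>.txt` naming convention and the `main` group name are assumptions; runtime dependencies would normally go in `[project].dependencies` instead.

```python
import json
import re

def group_name(filename: str) -> str:
    """requirements-dev.txt -> 'dev'; requirements.txt -> 'main' (assumed name)."""
    stem = re.sub(r"\.txt$", "", filename.rsplit("/", 1)[-1])
    stem = re.sub(r"^requirements[-_.]?", "", stem)
    return re.sub(r"[-_.]+", "-", stem).lower() or "main"

def build_groups(files: dict) -> dict:
    """Map {filename: file text} to PEP 735 groups {name: [entries]}."""
    groups = {}
    for filename, text in files.items():
        entries = []
        for raw in text.splitlines():
            line = re.sub(r"(^|\s)#.*", "", raw).strip()  # drop comments
            if not line:
                continue
            include = re.fullmatch(r"(?:-r|--requirement)[ =]?\s*(\S+)", line)
            if include:
                # "-r other.txt" becomes an include of the matching group
                entries.append({"include-group": group_name(include.group(1))})
            elif line.startswith("-") or " --" in line:
                # --hash, --index-url, -e: stop rather than silently drop them
                raise ValueError(f"{filename}: not representable: {line}")
            else:
                entries.append(line)  # PEP 508 requirement string, kept as is
        groups[group_name(filename)] = entries
    return groups

def render(groups: dict) -> str:
    """Emit the [dependency-groups] table as TOML text."""
    out = ["[dependency-groups]"]
    for name, entries in groups.items():
        out.append(f"{name} = [")
        for entry in entries:
            if isinstance(entry, dict):
                out.append('    {include-group = "%s"},' % entry["include-group"])
            else:
                out.append("    " + json.dumps(entry) + ",")  # quoted and escaped
        out.append("]")
    return "\n".join(out) + "\n"

# Constructed sample input, not taken from any real project.
SAMPLE = {
    "requirements.txt": "requests>=2.31  # http client\n",
    "requirements-dev.txt": "-r requirements.txt\npytest>=8\n",
}
if __name__ == "__main__":
    print(render(build_groups(SAMPLE)))
```

Hash-pinned requirements raise `ValueError` here because dependency groups hold plain requirement strings; such pins need a lock file or a retained requirements file.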