> but I guess it could be interpreted as “you can find the package here, and I promise it satisfies the given specifiers

Promising to satisfy a vague constraint isn’t very useful though, is it? Since it’s not providing a strict pin you aren’t even getting enough information to leverage the local cache until you actually download the contents, even in the best case

The only useful case I can think of is this one:

·         I make a new package which declares two dependencies, for example, and lets say both are on PyPI – ‘Dep A’ and ‘Dep B’

o   ‘Dep A’ has direct dependency “foo>=1.0@ git+https://github.com/bar/foo.git@some-ref”

o   ‘Dep B’ has direct dependency “foo>=1.5@ git+https://github.com/bar/foo.git@some-other-ref”

·         A resolver _could_ use this information to determine that actually, it’s correct to use the version declared by ‘Dep B’

·         This highlights the important distinction here:  just like with normal packages, the specifier is still being used to dictate which versions of foo would satisfy the requirement, _not the version that is currently found at the given url_

·         Similarly when I specify a constraint such as “setuptools>=38.2” I don’t know which version I will get when I perform the installation or resolution, but I will be able to step through the resolution and compare other appearances of “setuptools”

·         This starts to feel like the question I asked in the other thread—what happens if you supply a specifier and we find a better match on PyPI?

o   I feel like this complication starts to unravel the purpose of a direct url; it should not be compared – I’m guessing we’d want to either fail resolution or privilege the URL if the downstream constraint isn’t satisfied by the provided direct url

·         So that leaves me with -- specifiers may be useful for comparison but _only_ for comparing direct url subdependencies