Better not pip freeze

I recently bumped into a head-scratching issue at work when using pip freeze -r requirements.txt to generate Python package dependencies.

As a very short recap of the incidence, the generated requirements.txt file borked one of my virtual machines at work because pip freeze actually contained every package in the environment, including some mysterious lines that are only specific to a particular session of the virtual machine. When I shut down the previous session and tried to restart the virtual machine, some setup script tried to automatically install everything in the requirements.txt file, which led to a failure to reboot.

Part of the problem was how my virtual machines are configured, i.e. it automatically tries to scan for a Python requirements file and run pip install on it. However, this also prompted me to look deeper into the issue. I stumbled upon this Reddit post which explains exactly the shortcomings of pip freeze.

I suppose it is soon time for me to experiment with poetry or uv (see also this fascinating talk on the mathematics of package management here).