The problem with old Python code is that you then have to hunt for exactly the right version of the right libraries that can work together when the stars are aligned.
The problem with old Python code is that you then have to hunt for exactly the right version of the right libraries that can work together when the stars are aligned.
Isn't that true of any packaging system? (npm, RubyGems, etc) Perhaps it's a bit easier, with the respective spec files, but it's still a bit of a hunt.
No. Decent packaging systems like used in the Java world have deterministic or mostly-deterministic dependency resolution; semi-decent packaging systems like the ones you mention have lockfiles. Pre-uv Python packaging is uniquely awful.
What do you prefer for lockfiles in the Java world? I’ve been trying to drag a couple of Maven teams into the 2010s after finding that they weren’t.
You don't need them. Maven has deterministic dependency resolution (unless you use version ranges, but don't do that), so you just write your dependencies. (The flipside is you may want to get in the habit of doing something like versions:use-latest-releases as a regular housekeeping task so that you pick up any security updates, but that tends to be less of an issue in Java-land for other reasons)
Depends on exactly how the project is managed. Older python tooling (`pip` module) doesn't have a native mechanism to differentiate between the spec (direct dependencies) and freeze (all dependencies, including transitive).