I’m working with multiple (private) pip registries (e.g. GitLab). My pip.conf looks like this:
[global]
index-url = url.to.registry_1/pypi/simple
extra-index-url = url.to.registry_2/pypi/simple
Both registries contain the same package with the same version:
| registry | package name | version |
|---|---|---|
registry_1 |
package-b |
0.2.0 |
registry_2 |
package-b |
0.2.0 |
When I run:
pip install -vvv package-b==0.2.0
pip collects candidates from both registries and installs one of them. Example log snippet:
Found link package_b-0.2.0-py3 (from registry_1)
Found link package_b-0.2.0-py3 (from registry_2)
Collecting package-b==0.2.0
Using cached package_b-0.2.0-py3-none-any.whl
Successfully installed package-b-0.2.0
I understand, that pip normally picks the highest version from all candidates it finds (see the docs).
But in this case, both candidates have identical name and version, so version-based selection doesn’t help.
My question is:
How does pip choose between identical name==version distributions located on different indexes?
The documentation says:
"There is no priority in the locations that are searched; the best matching candidate is selected."
But this doesn’t clarify how pip behaves when multiple candidates are equally best.
Is there an official rule for tie-breaking? For example:
- prefer
index-urloverextra-index-url? - prefer the first match found?
- prefer the newest upload timestamp?
- alphabetical ordering?
- cache behavior?
Or is pip just treating both package-b==0.2.0 wheels as fully interchangeable, meaning the source registry is undefined / not guaranteed?