I'm not sure if I got your issue, but I can do platform-dependent `index` `pytorch` installation using the following snippet in `pyproject.toml` and `uv sync` just handles it accordingly.
Some Windows machines have compatible GPUs while others don't, so this doesn't necessarily help. What is really required is querying the OS for what type of compute unit it has and then installing the right version of an ML library, but I'm not sure that will be done.
I happened to use uv recently for a pet project, and I totally agree with you. It's really really good. I couldn't believe its dependency resolution and pulling can be so fast. Imho, it's the python package manager (I don't know the most suitable name to categorize it) done right, everything just works, the correct way.
Tbf, this is like a goldmine for the lawyers right now, on both sides! It's not clear, it's ambiguous, needs to be litigate and decided and contracts are challenged, and damages occurred all round, etc. Hundreds of millions in fees are gonna get floated, and years of litigation.
This reminds of "Bidding Rank" from Baidu decades ago (and I think it pretty much still applies for Baidu) - Google was not only better technologically, but ethically because their search results were not that profit driven as "Bidding Rank" which was (and still is) very much despised. Now it seems Google only cares about profit and started to do things more or less the same way.
Sick.
Disclosure - I was so pissed by the degration of quality (an money-thirstiness) of the search results from Google that I switched to a non-profit search engine as my default for both desktop and mobile. The daily search experience doesn't have much noticible change to me. I do admit sometimes the Google search result could be better sometimes, but those occasions are quite rare for my needs, like maybe once a week.
That "Jigar Kumar" is like fake and one-time throw-off account, probably from the same state actor to orchestrate the painstakingly prepared supply chain attack (under the sun).
At first glance I thought it was a far-fetched conclusion but then I read in a subsequent reply he wrote:
> With your current rate, I very doubt to see 5.4.0 release this year. The only
progress since april has been small changes to test code. You ignore the many
patches bit rotting away on this mailing list. Right now you choke your repo.
Why wait until 5.4.0 to change maintainer? Why delay what your repo needs?
Oh wow, all his posts are trying to pressure Lasse, or guilt him into getting Jia on board. They're definitely conspiring.
"Your efforts are good but based on the slow release schedule it will unfortunatly be years until the community actually gets this quality of life feature."
"Patches spend years on this mailing list. 5.2.0 release was 7 years ago. There is no reason to think anything is coming soon."
"With your current rate, I very doubt to see 5.4.0 release this year. The only progress since april has been small changes to test code. You ignore the many patches bit rotting away on this mailing list. Right now you choke your repo. Why wait until 5.4.0 to change maintainer? Why delay what your repo needs?"
"Progress will not happen until there is new maintainer. XZ for C has sparse commit log too. Dennis you are better off waiting until new maintainer happens or fork yourself. Submitting patches here has no purpose these days. The current maintainer lost interest or doesn't care to maintain anymore. It is sad to see for a repo like this."
"Is there any progress on this? Jia I see you have recent commits. Why can't you commit this yourself?"
"Over 1 month and no closer to being merged. Not a suprise."
If an attacker is so smart and patient to pull of a sneaky supply chain attack like this, I'd say he/she/they must have been quite carefully choosing the moniker and hide/obfuscate other potentially identity revealing information (afaik, there is no reliable identity information found at the moment). So by choosing a very typical Chinese name (Jia Tan), I believe this is intentially misleading/smearing. I can't believe a smart ass (potenially a state actor) would be so stupid to use his/her/their actual nationality or other information.
