• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS 10.14

• Poetry version: 1.1.4

Issue

Hi,

I'm experiencing this behavior on 1.1.4. In pyproject.toml I have configured a secondary repo:

[[tool.poetry.source]]
name = "xxx"
url = "https://PRIVATE"
secondary = true

As such, I expect that poetry will fetch most packages from the main PyPI. And 1.1.3 indeed does that. However, 1.1.4 adds this configuration to every package (non-private as well) in poetry.lock:

[[package]]
name = "alabaster"
version = "0.7.12"
description = "A configurable sidebar-enabled Sphinx theme"
category = "main"
optional = true
python-versions = "*"

[package.source]
type = "legacy"
url = "https://PRIVATE"
reference = "xxx"

IMO this is unexpected behavior. I did git bisect and found out that this bug was introduced in 74fc8eb, in an attempt to fix other pypi-related issues.