psf / fundable-packaging-improvements

Packaging improvements that could be funded

Add support for reproducible builds to setuptools/wheel #47

Closed abravalheri closed 2 years ago

abravalheri commented 2 years ago

This proposal was motivated by the recent discourse thread.

What is the current situation/context?

Currently the combination of setuptools/wheel does not support reproducible builds completely. This makes some kinds of build non-verifiable.

What ought to be fixed, made, or implemented?

Complete support for reproducible builds for both sdist and wheel using setuptools as a build backend.

What problems would this solve, and what new capabilities would it cause?

This would help to improve security in the Python packaging ecosystem, because developers would be able to independently verify packages.

What kinds of work are necessary to make this happen?

Implementation efforts are required for:

Documentation efforts are required to instruct developers how to verify distribution artifacts.
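As an added illustration (not part of the original post, and not code from setuptools or wheel), this is what independently verifying an artifact amounts to: rebuild it, compare it byte for byte with the published file, and if it differs, separate metadata drift from content changes. It uses the standard-library `zipfile` module because a wheel is a zip archive; the member names, contents and timestamps are constructed sample data.

```python
import hashlib
import io
import zipfile

# Constructed sample content standing in for a small wheel's members.
FILES = {
    "demo/__init__.py": b"__version__ = '1.0'\n",
    "demo-1.0.dist-info/METADATA": b"Name: demo\nVersion: 1.0\n",
}


def make_archive(files, date_time):
    """Build an in-memory zip (a wheel's container format) with fixed metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):  # fixed member order
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed permission bits
            zf.writestr(info, files[name])
    return buf.getvalue()


def members(archive):
    """Map member name -> (content digest, timestamp, mode bits, position)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {i.filename: (hashlib.sha256(zf.read(i)).hexdigest(),
                             i.date_time, i.external_attr >> 16, pos)
                for pos, i in enumerate(zf.infolist())}


def compare(published, rebuilt):
    """Report whether a rebuild matches and, if not, what kind of drift it shows."""
    if published == rebuilt:
        return {"verdict": "identical"}
    a, b = members(published), members(rebuilt)
    shared = a.keys() & b.keys()
    return {
        "verdict": "differs",
        "missing_or_extra": sorted(a.keys() ^ b.keys()),
        "content": sorted(n for n in shared if a[n][0] != b[n][0]),
        "metadata_only": sorted(n for n in shared if a[n][0] == b[n][0] and a[n] != b[n]),
    }


PUBLISHED = make_archive(FILES, (2022, 1, 1, 0, 0, 0))
REBUILT_SAME = make_archive(FILES, (2022, 1, 1, 0, 0, 0))
REBUILT_LATER = make_archive(FILES, (2022, 1, 2, 9, 30, 0))  # only the timestamps differ
ALTERED = make_archive({**FILES, "demo/__init__.py": b"# changed\n"}, (2022, 1, 1, 0, 0, 0))
```

A rebuild that differs only under `metadata_only` has the same file contents but can no longer be checked by comparing a single archive hash, which is the gap a fully reproducible build closes.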