Survey of Python build backends handling non-Python software

[sethmlarson]

These build backends are likely to have a more complicated use-case, such as needing to generate their own SBOMs instead of only forwarding along SBOM documents specified in pyproject.toml.

• [ ] Maturin and PyO3
• [ ] setuptools
• [ ] Meson-build
• [ ] enscons
• [ ] cmake
• [ ] scikit-build

[ncoghlan]

Additional "full fledged build systems that can emit Python packages" options:

• https://pypi.org/project/enscons/
• https://pypi.org/project/cmake/ (CMake-for-Python-packages, essentially)
• https://pypi.org/project/scikit-build/

There are also projects like zig and compiletools, as well as Rust, where non-Python dependencies may end up statically linked into the resulting extension modules.

There probably needs to be a way to just inject additional SBOM snippets directly, and leave it up to the project itself to manage keeping them in sync with the actual build process. Defining a common way to do that would mean that each affected build system project didn't need to invent one for itself.