On Jun 2, 2017, at 12:39 PM, Paul Moore email@example.com wrote:
On 2 June 2017 at 16:27, Donald Stufft <firstname.lastname@example.org mailto:email@example.com> wrote:
So my preference is that everything goes through the sdist step as I think that is most likely to provide consistent builds everywhere both from a VCS checkout and from a sdist that was released to PyPI.
Agreed. That's the ideal workflow. The only reason we don't do it now is because... well, I'm not quite sure. I think it's to do with things like setuptools_scm not generating suitable "temporary version numbers" to allow us to work properly with installs that assume that name/version uniquely identifies the code.
I’m pretty sure the only reason we don’t do it now is because nobody has had the time to make it happen yet. The problems before weren’t from going via sdist, they were from trying to modify our copy tree implementation to filter out .tox, .git, etc. I don’t think we’ve ever tried going via sdist (other than there is an open PR for it, but it ended up stalling https://github.com/pypa/pip/pull/3722 https://github.com/pypa/pip/pull/3722). Essentially, volunteer time is finite :(
— Donald Stufft