New submission from Zack Weinberg <>:

Reproducibility has so far been concerned primarily with binary packages, but 
it's also desirable for source tarballs to be reproducible starting from a 
version-control checkout.  This is particularly important for Python, where 
' sdist' can run arbitrary code and generated files (e.g. 
Cython-generated C) are often included in sdists.

As a small step toward this goal, please add support for the SOURCE_DATE_EPOCH 
environment variable to distutils.command.sdist.  The most natural way to 
implement this would be with an additional user option, perhaps called 
'timestamp_limit', which takes a date and time argument.  File modification 
timestamps in the generated tarball or zipfile will be adjusted to be no later 
than that time.  If 'timestamp_limit' is not set, it defaults to the value of 

The specification for SOURCE_DATE_EPOCH may be found at .

components: Distutils
messages: 355652
nosy: dstufft, eric.araujo, zwol
priority: normal
severity: normal
status: open
title: sdist should honor SOURCE_DATE_EPOCH

Python tracker <>
Python-bugs-list mailing list

Reply via email to