New submission from Zack Weinberg <za...@panix.com>:
Reproducibility has so far been concerned primarily with binary packages, but it's also desirable for source tarballs to be reproducible starting from a version-control checkout. This is particularly important for Python, where 'setup.py sdist' can run arbitrary code and generated files (e.g. Cython-generated C) are often included in sdists. As a small step toward this goal, please add support for the SOURCE_DATE_EPOCH environment variable to distutils.command.sdist. The most natural way to implement this would be with an additional user option, perhaps called 'timestamp_limit', which takes a date and time argument. File modification timestamps in the generated tarball or zipfile will be adjusted to be no later than that time. If 'timestamp_limit' is not set, it defaults to the value of os.environ['SOURCE_DATE_EPOCH']. The specification for SOURCE_DATE_EPOCH may be found at https://reproducible-builds.org/specs/source-date-epoch/ . ---------- components: Distutils messages: 355652 nosy: dstufft, eric.araujo, zwol priority: normal severity: normal status: open title: setup.py sdist should honor SOURCE_DATE_EPOCH _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38632> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
