#37159: Implement reproducible artifact builds
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Charles Roelli
Type: Cleanup/optimization | Status: assigned
Component: Packaging | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
* needs_better_patch: 0 => 1
Comment:
I support the goal of reproducible release artifacts, but I'm not
convinced that changing Django's build backend is the best way to achieve
it.
As mentioned in comment:5, the remaining reproducibility gap in
`setuptools` is a known issue rather than a fundamental limitation and is
expected to be addressed upstream. In the meantime, Django can already
benefit from reproducible wheels. There are also existing approaches, such as
[https://github.com/ansible/ansible/blob/03d6209/packaging/release.py#L867-L899 Ansible's release tooling]
and [https://github.com/wimglenn/setuptools-reproducible setuptools-reproducible],
that demonstrate potential paths forward within the current ecosystem.
Hatchling is a reasonable backend, but the current issue does not seem to
justify a backend migration. Django's packaging needs are relatively
simple, reproducible wheels are already achievable today, and the
remaining setuptools gap is expected to be resolved.
My recommendation is to focus on improvements that provide the greatest
practical benefit while remaining aligned with the existing packaging
infrastructure. Therefore, I would favor adopting reproducible wheels and
allowing the `setuptools` ecosystem to address the remaining `sdist` gap
rather than introducing a new build backend to work around a temporary
limitation.
--
Ticket URL: <https://code.djangoproject.com/ticket/37159#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
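
An added illustration, not part of the ticket or of Django's or setuptools' tooling: it shows how host-dependent tar and gzip metadata changes an sdist's digest, how pinning that metadata makes two builds byte-identical, and how to locate the differing header fields. The file names, host values and the `build_sdist`, `sha256` and `member_diff` helpers are constructed for the example; it does not reproduce the specific setuptools issue referenced in comment:5.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample inputs: a two-file project and two build hosts (assumptions).
FILES = {"pkg-1.0/PKG-INFO": b"Name: pkg\nVersion: 1.0\n",
         "pkg-1.0/pkg/__init__.py": b"__version__ = '1.0'\n"}
HOST_A = {"mtime": 1700000000, "uid": 1000, "uname": "alice", "gz_time": 1700000100}
HOST_B = {"mtime": 1700003600, "uid": 501, "uname": "bob", "gz_time": 1700003700}
FIELDS = ("mtime", "uid", "gid", "uname", "gname", "mode")


def build_sdist(files, host, normalize=False, epoch=315532800):
    """Return tar.gz bytes; normalize=True pins everything that varies per host.

    `epoch` plays the role of SOURCE_DATE_EPOCH (here 1980-01-01 UTC).
    """
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in sorted(files):  # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o644
            info.mtime = epoch if normalize else host["mtime"]
            if not normalize:  # normalized members keep uid/gid 0 and empty names
                info.uid = info.gid = host["uid"]
                info.uname = info.gname = host["uname"]
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    gz_time = epoch if normalize else host["gz_time"]
    # The gzip header carries its own timestamp, separate from the tar members.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=gz_time) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def member_diff(a, b):
    """List (name, field, a_value, b_value) for tar header fields that differ."""
    def headers(blob):
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
            return {m.name: m for m in tar.getmembers()}
    ha, hb = headers(a), headers(b)
    return [(n, f, getattr(ha[n], f), getattr(hb[n], f))
            for n in sorted(ha.keys() & hb.keys()) for f in FIELDS
            if getattr(ha[n], f) != getattr(hb[n], f)]
```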