New submission from Zack Weinberg <za...@panix.com>:

Recent versions of the gzip command-line utility have an option `-n` which 
causes it to omit the FNAME field of the gzip file header, and write out the 
MTIME field as zero.  Both of these properties are desirable when constructing 
reproducible build artifacts (see https://reproducible-builds.org/ ).

An sdist tarball is a build artifact and it should be created as reproducibly 
as possible.  In particular, --format=gztar should behave as-if `gzip -n` were 
in use.  (The stdlib's gzip module can produce output equivalent to what gzip 
-n does, but this is not currently documented nor is it accessible via 
`tarfile`.  Both of those should be easy fixes.  See bug 38725 and bug 38726.)

----------
components: Distutils
messages: 356152
nosy: dstufft, eric.araujo, zwol
priority: normal
severity: normal
status: open
title: setup.py sdist --format=gztar should use (equivalent of) `gzip -n`

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue38727>
_______________________________________
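
The header difference the report describes, as an added example that is not part of the original message or of distutils: it writes a `.tar.gz` through the stdlib `gzip` module with an empty `filename` and `mtime=0`, then reads the FNAME flag and MTIME field back from the gzip header. The function names, the archive name `pkg-1.0.tar` and the sample file contents are constructed for illustration.

```python
import gzip
import io
import struct
import tarfile

FNAME_FLAG = 0x08  # FLG bit 3 in the gzip header (RFC 1952)


def targz(files, reproducible=True):
    """Build a .tar.gz in memory from a {name: bytes} mapping."""
    raw = io.BytesIO()
    if reproducible:
        # Empty filename leaves FNAME unset; mtime=0 writes a zero MTIME field.
        gz = gzip.GzipFile(filename="", mode="wb", fileobj=raw, mtime=0)
    else:
        # Defaults: FNAME is written and MTIME is the current time.
        gz = gzip.GzipFile(filename="pkg-1.0.tar", mode="wb", fileobj=raw)
    with gz, tarfile.open(fileobj=gz, mode="w") as tar:
        for name in sorted(files):  # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = 0  # tar member metadata is normalised as well,
            info.mode = 0o644  # otherwise the compressed payload still varies
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(files[name]))
    return raw.getvalue()


def gzip_header_fields(blob):
    """Return the FNAME flag and MTIME field of a gzip member header."""
    magic, method, flags, mtime = struct.unpack("<2sBBI", blob[:8])
    if magic != b"\x1f\x8b" or method != 8:
        raise ValueError("not a gzip/deflate stream")
    return {"fname_present": bool(flags & FNAME_FLAG), "mtime": mtime}


# Constructed sample input.
SAMPLE = {"pkg-1.0/setup.py": b"from setuptools import setup\nsetup()\n",
          "pkg-1.0/PKG-INFO": b"Name: pkg\nVersion: 1.0\n"}

if __name__ == "__main__":
    print("reproducible:", gzip_header_fields(targz(SAMPLE)))
    print("default:     ", gzip_header_fields(targz(SAMPLE, reproducible=False)))
```

The check covers only the two header fields named in the report; the remaining header bytes written by the `gzip` module are not compared against the command-line tool's output.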