PEP 665: point out why relying on wheels is a good thing

2021-11-19 15:28:31 -08:00 · 2021-11-19 15:28:31 -08:00 · e4d35d7f32
parent c088d64ecb
commit e4d35d7f32
1 changed files with 10 additions and 0 deletions
--- a/pep-0665.rst
+++ b/pep-0665.rst
@ -88,6 +88,16 @@ attempting to slip nefarious code into your application (i.e. some
 supply chain attacks). By making a lock file which always leads to
 reproducible installs, we can avoid certain risks entirely.

+Four, relying on wheels provides reproducibility without requiring
+build tools to support reproducibility as well. Thanks to wheels being
+static and not executing code as part of installation, wheels always
+lead to a reproducible result. Compare this to source distributions
+(aka sdists) or source trees which only lead to a reproducible install
+if their build tool supports reproducibility due to inherent code
+execution. Unfortunately the vast majority of build tools do not
+support reproducible builds, so this PEP helps alleviate that issue
+by only relying on wheels.
+
 This PEP proposes a standard for a lock file, as the current solutions
 don't meet the outlined goals. Today, the closest we come to a lock
 file standard is the `requirements file format`_ from pip.