From 0a4cb4922c40f9b608b836c5baf1092cf5bbf979 Mon Sep 17 00:00:00 2001 From: Tzu-ping Chung Date: Sun, 30 May 2021 21:52:16 +0800 Subject: [PATCH] PEP 658: Served metadata may be non-static To be clear, the metadata content served should not change (this is enforced by mandating the served content must match the distribution's content), but we stop referring the concept as "static" because that term is also used to identify metadata that may change at build-time, which means PEP 643 sdist metadata were unnecessarily excluded from PEP 658. --- pep-0658.rst | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/pep-0658.rst b/pep-0658.rst index ea0c98ed9ae..b7c5fcafc5e 100644 --- a/pep-0658.rst +++ b/pep-0658.rst @@ -1,5 +1,5 @@ PEP: 658 -Title: Static Distribution Metadata in the Simple Repository API +Title: Serve Distribution Metadata in the Simple Repository API Author: Tzu-ping Chung Sponsor: Brett Cannon PEP-Delegate: Donald Stufft @@ -48,19 +48,16 @@ inspection. The metadata file defined by the Core Metadata Specification [core-metadata]_ will be served directly by repositories since it contains the necessary information for common use cases. The metadata -served must be completely static, i.e. identical to the ``METADATA`` -file in the ``.dist-info`` directory [dist-info]_ if the distribution -is installed. The repository can provide this for any distributions, -but it is expected they will only provide them for wheels [wheel]_ -at the current time, since an sdist [sdist]_ does not yet have a way -to promise the metadata will stay the same after it is built. - -Since not all distributions have static metadata, an HTML attribute -on the distribution file's anchor link is needed to indicate whether a -client is able to choose the separately served metadata file instead. -The attribute is also used to provide the metadata file's hash, so -clients can verify the file after download. If the attribute is -missing from an anchor link, static metadata is not available for the +must only be served for standards-compliant distributions such as +wheels [wheel]_ and sdists [sdist]_, and must be identical to the +distribution's canonical metadata file, such as a wheel's ``METADATA`` +file in the ``.dist-info`` directory [dist-info]_. + +An HTML attribute on the distribution file's anchor link is needed to +indicate whether a client is able to choose the separately served +metadata file. The attribute is also used to provide the metadata +content's hash for client-side verification. The attribute's absence +indicates that a separate metadata entry is not available for the distribution, either because of the distribution's content, or lack of repository support.