Just to clarify: if the metadata version is not marked as 2.2+ the assumption that core metadata cannot differ from PKG-INFO and METADATA does not hold, right?
I am asking this because I am not confident that setuptools is in a position right now that we can perform enforcement/consistency checks and just start producing 2.2/2.3 metadata. (So that is expectation management).
Correct. Metadata versions earlier than 2.2 are in effect presumed to mark every field as dynamic.
I expected setuptools to have difficulty guaranteeing static metadata. If a project has no setup.py (reading metadata from pyproject.toml) does that make things easier, or do plugins still cause issues in that case?
I think plugins can still cause some issues.
We did implement some (reasonable) check on PEP 621 dynamic, but I suppose plugins can yield different values when build from sdist or wheel or unpackaged sdist.
After reading through the thread, it seems like the summary is:
Is that accurate?
Unless I missed something, all installers except pip.
Itās not quite system state but, yea, external-to-Python-packages stuff basically.
Indeed, thatās intended to be a follow up (IIRC, this was mentioned in the PEP or in the topic for discussion of that PEP).
Can you clarify what you mean here? Are you thinking along the lines of eventually deprecating sdists on PyPI [1]?
as opposed perhaps to options like making --only-binary :all: the default for pip, or somehow marking sdists as ānot locally buildableā ā©ļø
Yes, I had a long day at work reading a lot of messages here and I missed typing out āhaving sdists and wheels agree on metadataā. 
My brain probably thought I made some generic statement about the entire bullet list being about metadata agreeing.
Although I have no qualms if installers stopped supporting sdists directly and made building them an out-of-band thing (hence why my first attempt at lock files left sdists out entirely).
Yeah, and I was sort of against that at the time, but it does make a lot more sense to me now. That said, sdists for pure Python libraries are trivial to build locally so I wonder if it would be helpful to make that distinction? Like we could say that absent any wheels, pip install could still choose pure Python sdists, but only choose wheels for binary / native code libraries?
Thereās nothing consistent in all sdists to identify this - you donāt know what kind of wheel youāre going to get until you install the backend and run it.
Could it be some metadata that the package author controls? Probably, but the complexity [1] isnāt worth it.
itās okay to build wheels for this sdist but not that sdist ā©ļø
Thatās an idea that has come up in other discussions around what exactly an sdist is for?
The other thing is if youāre using a build back-end to make an sdist (which you would be doing most likely to create PKG-INFO), then the build back-end can very likely make the wheel.
3 posts were split to a new topic: Provide a way to signal an sdist isnāt meant to be built?
If I recall the history here correctly, conda tends to ensure that it includes the pip/wheel metadata to reduce the number of things that can go wrong when user use pip on top of a conda env.
I have vague memories of issues where you would conda install a package, then pip install a package that depends on it, pip would not be aware of the conda installed package, so pip would re-install that package from pypi with a possible different version and (for packages with extension) almost certainly different build settings which could result in āchimera installsā if modules were added / removed [1]. By including the pip/wheel metadata and subsequent use of pip finds what it would have put there for the version of the package conda installed and things mostly work.
These can be wild to debug because they tend to manifest as āimpossibleā things. ā©ļø
This reminds me of this: Poetry overwrites existing conda packages even if versions match Ā· Issue #6408 Ā· python-poetry/poetry Ā· GitHub
A whole bunch of conda packages contain a direct_url.json file that conda happily copies as-is (when it obviously shouldnāt), and then fun things happen.