PEP 770: Improving measurability of Python packages with Software Bill-of-Materials

With apologies for the delay (lock files, illness, and a kid turning 1 take up a lot of time 😅), I’m happy to say that I accept PEP 770!

With the reduced scope to `*.dist-info/sboms` along with codifying the directories that are reserved in `*.dist-info`, I don’t think this PEP is controversial. As well, I think it will be useful very quickly for build back-ends to start including SBOMs based on what they use to build what’s contained in a wheel.

Thanks to @sethmlarson for all the work on this and everyone who gave constructive feedback!
