Please let’s not assume PEP 517 rules. They are an utter pain to manage, and having to use them for wheel builds as well as sdist builds would just be a pain (especially for anyone who wanted to create a wheel-only installer tool “because handling sdists is the hard bit”).
Examples of why PEP 517 rules are hard:
- If a selector needs a selector, you need nested environments. A malicious selector could cause an infinite loop, “fork bombing” the user’s PC. Yes, pip has explicit code to prevent this for sdists.
- How do you handle installer options? Are they inherited when you install the selector in the isolated environment? Some (like network settings) should be. Some (like
--target) shouldn’t. For some it’s not clear (--index-url?--no-binary?)
In many ways, I’d prefer a process based hook implementation - the hook is a named executable that must be available on $PATH and you pass the input on stdin and get the output on stdout. It’s completely transparent, and language independent.
But as I’ve said before, let’s worry about higher level issues before getting into implementation details.