Why isn't source distribution metadata trustworthy? Can we make it so?

So the issue is actually that the generated metadata for wheels and sdists are not the same in the case of setuptools. Without having looked into it in much depth, I would argue this then to be a bug in the build system setuptools. Indeed, it is a known issue: "SDist PKG-INFO file should include Requires-Dist entries" (Issue #1716, pypa/setuptools, GitHub).

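An added example, not part of the original post and not setuptools' own code: a check that pulls `PKG-INFO` out of an sdist and `METADATA` out of a wheel of the same release and reports the dependency fields that disagree, which is the mismatch described above. The `demo` archives are constructed samples, and the function names and the list of compared fields are assumptions.

```python
import io
import tarfile
import zipfile
from email.parser import Parser

FIELDS = ("Requires-Dist", "Provides-Extra", "Requires-Python")  # what a resolver reads

def sdist_pkg_info(data):
    """Text of the top-level <name>-<version>/PKG-INFO in a .tar.gz sdist."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.name.count("/") == 1 and m.name.endswith("/PKG-INFO"):
                return tar.extractfile(m).read().decode("utf-8")
    raise ValueError("no top-level PKG-INFO in sdist")

def wheel_metadata(data):
    """Text of <name>-<version>.dist-info/METADATA in a wheel."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.count("/") == 1 and name.endswith(".dist-info/METADATA"):
                return zf.read(name).decode("utf-8")
    raise ValueError("no .dist-info/METADATA in wheel")

def metadata_diff(pkg_info, metadata):
    """Map field -> (only in sdist, only in wheel) for fields that disagree."""
    sdist, wheel = Parser().parsestr(pkg_info), Parser().parsestr(metadata)
    diff = {}
    for field in FIELDS:
        s, w = set(sdist.get_all(field, [])), set(wheel.get_all(field, []))
        if s != w:
            diff[field] = (sorted(s - w), sorted(w - s))
    return diff

# Constructed samples (not real packages): the wheel declares a dependency the sdist omits.
HEADER = "Metadata-Version: 2.1\nName: demo\nVersion: 1.0\n"

def sample_sdist():
    buf, body = io.BytesIO(), HEADER.encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("demo-1.0/PKG-INFO")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def sample_wheel():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-1.0.dist-info/METADATA", HEADER + "Requires-Dist: requests>=2\n")
    return buf.getvalue()
```

A non-empty result for a real sdist/wheel pair means the sdist's `PKG-INFO` cannot be used in place of the wheel's metadata for dependency resolution or review.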