Reproducible builds by default #22

Open
chadac opened this issue Jun 20, 2022 · 1 comment

chadac commented Jun 20, 2022

There is currently a known issue with wheel where the built artifacts are not 100% deterministic -- the compressed wheel uses the current timestamp when adding dates to files. This is an issue for creating reproducible builds as the hashes of two identical wheels built at different times are different.

This can be resolved (as referred to in the issue) by setting `SOURCE_DATE_EPOCH` to a post 1980-01-01 date before running wheel, and in tox by passing it via `setenv` or `passenv`. However, I'm wondering if this is perhaps something that should be set as a sane default for developers? It seems like having deterministic builds by default would be better in almost all scenarios.

I think this could be done as a hook into the venv before running -- by perhaps setting `setenv` in the venv before execution (if `setenv` or `passenv` doesn't contain this already), and adding an env flag `--wheel-constant-source-date` for people to reset to legacy behavior.

For other package builder examples -- Poetry has this as an unconfigurable default.

I'm curious what others' thoughts are on this. At least in my opinion, I think determinism should be a default, although I'm not sure if other processes could depend on these timestamps.

Contributor

mcarans commented Aug 16, 2022

Determinism seems like a sensible default to me.
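
The timestamp problem described in the opening comment, as an added example that is not part of the thread and is not code from wheel or from this project: a standard-library model of a zip-based artifact whose entry dates come either from the build clock or from `SOURCE_DATE_EPOCH`. The helper names, the sample file contents and the choice to reject pre-1980 values are assumptions of this example.

```python
import hashlib
import io
import os
import time
import zipfile

ZIP_EPOCH_MIN = 315532800  # 1980-01-01T00:00:00Z, earliest date a zip entry can store

# Constructed sample contents standing in for the files of a wheel.
SAMPLE_FILES = {
    "demo/__init__.py": b"__version__ = '1.0'\n",
    "demo-1.0.dist-info/METADATA": b"Name: demo\nVersion: 1.0\n",
}

def entry_timestamp(environ, now):
    """Pick the (Y, M, D, h, m, s) stamp for every archive entry."""
    raw = environ.get("SOURCE_DATE_EPOCH")
    if raw is None:
        epoch = int(now)  # legacy behaviour: the build clock leaks into the artifact
    else:
        epoch = int(raw)
        if epoch < ZIP_EPOCH_MIN:  # this example rejects rather than clamps
            raise ValueError("SOURCE_DATE_EPOCH must be on or after 1980-01-01")
    return time.gmtime(epoch)[:6]

def build_archive(files, environ, now):
    """Write files in sorted order with one fixed stamp and fixed permissions."""
    stamp = entry_timestamp(environ, now)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16
            zf.writestr(info, files[name])
    return buf.getvalue()

def digest(files, environ, now):
    """SHA-256 of the built archive, the value a verifier would compare."""
    return hashlib.sha256(build_archive(files, environ, now)).hexdigest()

if __name__ == "__main__":
    for label, env in (("clock", {}), ("pinned", {"SOURCE_DATE_EPOCH": "1655683200"})):
        first = digest(SAMPLE_FILES, env, 1655700000)
        second = digest(SAMPLE_FILES, env, 1655700000 + 3600)  # same inputs, built an hour later
        print(label, "reproducible" if first == second else "differs", first[:16], second[:16])
```

Comparing the two digests in CI, with the build run twice at different times, is a direct check that nothing else time-dependent has crept into the artifact.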
