PEP 710: Recording the provenance of installed packages
This PEP describes a way to record the provenance of installed Python distributions. The record is created by an installer and is available to users in the form of a JSON file provenance_url.json in the .dist-info directory. The mentioned JSON file captures additional metadata to allow recording a URL to a :term:`distribution package` together with the installed distribution hash. This proposal is built on top of PEP 610 following :ref:`its corresponding canonical PyPA spec … ⌘ Read more`