Published November 10, 2021 | Version v1
Presentation Open

IPFS ❤ Python Wheels: Efficient, Secure and Reproducible Repository

  • 1. Floating cheeses

Description

The Python wheel is a beautifully simple format for cross-platform binary distribution. Combining it with the simple repository API, we have the Python Package Index (PyPI) tirelessly serving Pythonistas. PyPI is great as a package index, but in certain ways it is unsuitable for end-user use: it is subject to multiple supply chain attacks, its centralised nature makes mirroring difficult while being a single point of failure, and expensive dependency resolution is left to the client side.

The interplanetary wheels (IPWHL) are platform-unique, singly-versioned Python binary distributions backed by IPFS. IPWHL does not try to replace PyPI but aims to be a downstream wheel supplier in a fashion similar to GNU/Linux distributions, whilst taking advantage of a content-addressing peer-to-peer network to provide a reproducible, easy-to-mirror source of packages.

This talk will first briefly discuss the wheel package format and the current state of PyPI in the Python packaging ecosystem, focusing on a few shortcomings and relevant recent efforts. It will then introduce IPWHL from the motivating philosophy to real-world properties, before showing the current process and a usage demo. As this happens, the upstream-downstream relationship in Python packaging will be analyzed, clarifying the role of each actor in the process. After the talk, the audience will know how (and when) IPWHL can benefit them and the different ways they can directly and indirectly help the project.

Files

handout.pdf

Files (75.4 MB)

  • md5:94f2583261c1835b86108f3250ae9c85 (692.2 kB)
  • md5:c8e666626302adc7d70d7685f4c07818 (74.7 MB)

Additional details

Related works

Continues
Presentation: 10.5281/ZENODO.6490894 (DOI)
Is source of
Presentation: 10.5281/zenodo.6491410 (DOI)