PEP-710: Implement provenance records for installed packages

[fridex]

We are discussing the possibility of introducing provenance_url.json that would help with tracking of installed packages in Python environments. It could help with creating a lock files or SBOMs from installed packages.

We would like to know your position on this PEP (it's in draft state as of today) as uv is one of the affected installers. See https://peps.python.org/pep-0710/ and this Discourse thread where the discussion around this PEP is happening. Thanks!

[zanieb]

Thank you!

[charliermarsh]

Thank you -- replied on the thread (https://discuss.python.org/t/pep-710-recording-the-provenance-of-installed-packages/25428/34), feel free to ping me directly on the thread if you have further questions.

[kdeldycke]

@fridex I you're interested about creating an SBOM from a uv environment, check my Meta Package Manager CLI and this comment: #4711 (comment)