
Introducing IPWHL: an alternative Python packaging

This post was excerpted from discuss.python.org

What is IPWHL?

The interplanetary wheels are platform-unique, singly-versioned Python built distributions backed by IPFS. IPWHL aims to be a downstream wheel supplier in a similar fashion to GNU/Linux distributions, whilst taking advantage of a content-addressing peer-to-peer network to provide a reproducible, easy-to-mirror source of packages.

On IPWHL, for each platform (architecture, operating system, and Python implementation and version), there exists only one built distribution. The collection of these distribution packages is given as a single IPFS CID. An installer can use solely this content ID and package names to reproduce exactly the same environment on every platform.

The official IPWHL repository will provide exclusively free software. However, deriving the repository should be trivial and is a supported use case.

Why?

IPWHL is created as a curated and decentralized Python package repository.

The PyPI repository is uncurated: anyone can publish a package there, which enables typosquatting and some other exploits. In contrast, by controlling which packages can go into IPWHL, we significantly reduce the risk of distributing malware. Decentralizing the repository with IPFS makes mirroring more helpful and cost-saving. Additionally, by making the wheels singly-versioned, IPWHL is expected to save time on dependency resolution.

How to use IPWHL?

Setting up IPFS

IPFS has a well-documented installation guide. It is worth noting that several GNU/Linux distributions and BSD-based OSes may already include it in their repositories. Afterwards, please follow the IPFS quick-start guide. Some downstream go-ipfs packages may also contain an init-system service to automatically manage the IPFS daemon. By default, the daemon opens a local IPFS gateway at port 8080.

Use it

To use the IPWHL repository, we can simply replace the PyPI URL with that of the repository served through an IPFS gateway. For pip, you can do this by changing index-url:

pip config --site set global.index-url "http://localhost:8080/ipfs/$IPWHL_CID"

Mirroring a release is also as simple as pinning its CID:

ipfs pin add $IPWHL_CID
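
Because the whole package set is selected by one CID and one gateway URL, it is worth checking both before writing them into pip's configuration. The following is an added example, not code from the IPWHL project; the function names are hypothetical and the loopback-only gateway rule is an assumed policy:

```shell
#!/bin/sh
# Added example, not IPWHL project code. All function names are hypothetical.

# Return 0 if the single-line string $1 fully matches extended regex $2.
matches() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] &&
        printf '%s\n' "$1" | LC_ALL=C grep -Eq "^($2)\$"
}

# CID shape check: CIDv0 ("Qm" + 44 base58btc characters) or a base32 CIDv1
# ("b" + lowercase base32). Syntax only: it cannot tell whether the CID
# names a genuine IPWHL release, so obtain the CID from a trusted channel.
is_cid() {
    matches "$1" 'Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,}'
}

# Accept only a gateway on the loopback interface (assumed policy). pip does
# not check downloaded files against the CID; the local IPFS daemon does, so
# a gateway on another host would have to be trusted to serve the right bytes.
is_loopback_gateway() {
    matches "$1" 'http://(localhost|127\.0\.0\.1|\[::1\]):[0-9]{1,5}'
}

# Print the pip index URL for gateway $1 and release CID $2, or fail loudly.
ipwhl_index_url() {
    is_loopback_gateway "$1" || {
        echo "refusing non-loopback gateway: $1" >&2; return 1; }
    is_cid "$2" || {
        echo "not a well-formed CID: $2" >&2; return 1; }
    printf '%s/ipfs/%s\n' "$1" "$2"
}

# Usage (only configures pip when both checks pass):
#   url=$(ipwhl_index_url http://localhost:8080 "$IPWHL_CID") &&
#       pip config --site set global.index-url "$url"
```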

Feedback

IPWHL is in its early stage, so we would appreciate it if you could let us know how you feel about it.
