Sphinx: copyright substitution and reproducibility

Chris Lamb chris at reproducible-builds.org
Wed Jul 10 12:08:06 UTC 2024 

Hi James,

> The very-abbreviated problem statement is that when SOURCE_DATE_EPOCH is
> configured, Sphinx projects that have configured their copyright notices using
> dynamic elements can produce nonsensical output under some circumstances.

As someone who has written and submitted dozens of patches to fix this
category of issue in individual Sphinx packages, I very much welcome
and endorse your effort!

I'll have a more careful think about the replacement logic once I get
over some jetlag-induced brainfog, but I have four drive-past remarks
for now:

a) In https://github.com/sphinx-doc/sphinx/issues/12449 you ultimately
   reject widening the match if a project uses an ASCII dash ("-").
   Although it would take a bit of digging to find them at this point,
   I'm sure I have seen projects using both en- and em-dashes in their
   copyright lines purely for aesthetic reasons, and rather than as a
   way to circumvent automatic replacement. It would be a shame if a
   single project is preventing packages using those kinds of dashes
   from becoming reproducible, especially as there may be better, and
   more reliable, solutions for projects wishing to opt out entirely.

b) Similar to (a), I have analogous experiences re. many projects using
  "PREV - YYYY" style spacing, which from a quick glance the code does
  not currently detect. It seems sensible to also catch these. I don't
  know of any projects using this format variant as a way of opting out
  too, lending strength to its inclusion.

c) You reject parsing the conf.py source file in order to alter the
   AST prior to evaluation. I would second avoiding that. :)

d) Roughly following on from (c): was monkey-patching
   datetime.datetime.{now,utcnow,today} etc. ever seriously considered
   as an option by the Sphinx project? If it was limited strictly to
   the evaluation of conf.py, it could be quite effective and have
   limited side-effects. Mostly just curious, as I'm not sure I could
   fully endorse this approach…


Best wishes,

-- 
      o
    ⬋   ⬊      Chris Lamb
   o     o     reproducible-builds.org 💠
    ⬊   ⬋
      o

More information about the rb-general mailing list