@mgorny

The "packages aren't specified to hold an exclusive lock on installing a given filename, so we just blindly overwrite stuff" bit is so painful.

Every distro package manager seems to be able to specify this just fine. As far as I can tell, in #pypa land it's simply considered a feature so that... two packages can depend on alternately, PIL and Pillow (or whichever fork story you like), and both dependencies are satisfied even though only the last one is actually installed.

@ebassi

Formal advice by #pypa is "desktop application packaging shouldn't be packaged via python packaging tools".

So don't -- use meson and forget that python dist-info or pip exists. :)

setup.py was, long ago, used as "pythonic Makefiles", but that time is long passed.

@ebassi

Gentle reminder that "python packaging tools" as governed by #pypa and distributable via #pypi are solely intended to be used for packaging importable libraries and as an extension, simple "script entrypoints".

All other asset files have been explicitly declared off limits and out of scope.

`setup.py install` used to support installing other assets, and this support was deprecated and removed by the move to *.whl as the sole supported ecosystem format.

@stfn I think the #pypa #python GitHub publish action is a good place to start to see what needs to be done.
https://github.com/pypa/gh-action-pypi-publish

You'll need to use tokens instead of Trusted Publishing, as your CI is not integrated into Trusted Publishing. Twine is the usual way.
https://twine.readthedocs.io/en/stable/

You may be able to generate & include attestations.
https://docs.pypi.org/attestations/