Jason R. Coombs

I suspect [this change is relevant](https://github.com/pypa/pyproject-hooks/blob/60a72a084b1f6cf64aa4be49aa1e971511cc5659/docs/changelog.rst?plain=1#L8-L12). > - More careful handling of the ``backend-path`` key from ``pyproject.toml``. Previous versions would load the backend and then check that it was loaded...

My initial thought is that setuptools' builds were previously relying on metadata from an existing installation... and this change keeps that metadata hidden so that all that's around is the...

Or, maybe the changes to avoid altering `sys.path` cause the metadata to be missing altogether.

I suspect adding a `find_distributions` (i.e. making it an importlib.metadata.DistributionFinder) will allow it to find the metadata for a backend and will likely address the concern.

> this was officially added in 3.11, right? It looks like the protocol was updated in importlib_resources 5.7 and Python 3.11, but it wasn't until later (importlib_resources 5.11 and Python...

> but is perhaps overwrought within a CPython context I'm not sure I understand the distinction. `zipp` means to provide the same behavior (just earlier, to older Pythons), so the...

In jaraco/zipp#107, I determined that it's not going to be straightforward to support these attributes, and the best recommendation is for users to provide a filename on the ZipFile object....

In #130120 and the linked PR, @yngvem is exploring this issue. As you can see above, I'd previously concluded: > Users affected by this issue should supply a filename for...

This issue appears to be leading to widespread breakage. Have you considered yanking the release? It's personally cost me a good deal of time troubleshooting, distilling, and reporting the issue...

Thanks for reporting the issue. As Anderson says, it's not a guarantee that tags are signed. Perhaps it could be, but right now it's a best-effort, as-available behavior. I'm also...