Encourage projects to use flit_core as build system instead of flit

[takluyver]

I am pushing people to switch their build system from flit to flit_core, the part of Flit which is responsible for building packages. This will build the exact same packages, but installs fewer dependencies in the build environment, so making packages from source should be faster.

A couple of people quite reasonably wanted to ensure this wasn't a supply chain attack to get people to adopt a malicious package. @madsmtm suggested I create this issue & link to it to reassure people.

Resources:

• Flit's main docs refer to flit_core: https://flit.pypa.io/en/stable/pyproject_toml.html#build-system-section
• Release notes for Flit 2.0, when flit_core was introduced: https://flit.pypa.io/en/stable/history.html#version-2-0
• Code in flit.buildapi to pass through to flit_core.buildapi: https://github.com/pypa/flit/blob/main/flit/buildapi.py
• Flit packages on PyPI depend on flit_core: https://pypi-browser.org/package/flit/flit-3.9.0-py3-none-any.whl
  • This link points to a third-party website for inspecting packages on PyPI. If you don't want to rely on that, you can download the packages from PyPI, unpack them and find the metadata to check this.