PyCon US 2026 Packaging Summit Recap · Bernát Gábor — Python packaging, tox, virtualenv & open source<br>The PyCon US 2026 Packaging Summit<br>ran Friday May 15, 2026, from<br>1:45 PM to 5:45 PM in Room 201A of the Long Beach Convention Center. Three talks, nine lightning talks, six roundtable<br>discussions. Organized by Pradyun Gedam<br>, C.A.M. Gerlach<br>, and<br>Jannis Leidel<br>. This recap is for anyone who could not be in the room.<br>TLDR:<br>Emma Smith&rsquo;s revised PEP 777 (Wheel 2.0)<br>is a minimal change with sub-PEPs<br>layered on top; the first sub-PEP proposes Zstandard compression for ~25% smaller wheels.<br>Mike Fiedler brought three PyPI abuse vectors (persistent state, open-ended releases, PyPI as a CDN), framed by 3×<br>growth against 1× resources (~24,000 new packages per month, up from ~8,000) and a single full-time PyPI safety and<br>security engineer.<br>Mahe Iram Khan argued conda and pip are two parallel ecosystems, not two competing tools.<br>Lightning talks: PEP 772 Packaging Council<br>approved (Barry Warsaw), mobile<br>wheel pipeline live (Malcolm Smith), Coherent + Compile-to-Flit (Jason Coombs), wheel variants for AI accelerators<br>and shared malware scanning (Joongi Kim), conda-pypi (Daniel Holth), Nebi (Dharhas Pothina).<br>Roundtables: PEP 803 abi3t<br>, Wheel 2.0 hardening, cross-platform builds, CVE<br>propagation, and nab<br>(Damian Shaw&rsquo;s pure-Python resolver aimed at pip<br>swap-in).<br>Involved in Python packaging? Consider running for the Packaging Council this fall or becoming a voting<br>PSF member<br>to nominate and vote.

For background, here are the packaging-topic PEPs resolved in the year leading up to the summit (January 2025 through<br>May 2026), newest first.<br>Accepted or Final:<br>PEP 772 — Packaging Council governance process<br>, Accepted 2026-04-16<br>PEP 783 — Emscripten Packaging<br>, Accepted 2026-04-06<br>PEP 815 — Deprecate RECORD.jws and RECORD.p7s<br>, Final 2026-01-28<br>PEP 794 — Import Name Metadata<br>, Accepted 2025-09-05<br>PEP 792 — Project status markers in the simple index<br>, Final 2025-07-08<br>PEP 770 — Improving measurability of Python packages with SBOM<br>, Accepted<br>2025-04-11<br>PEP 751 — A file format to record Python dependencies for installation reproducibility<br>Final 2025-03-31<br>PEP 739 — build-details.json 1.0, a static description file for Python build details<br>Accepted 2025-02-05<br>Rejected or Withdrawn:<br>PEP 708 — Extending the Repository API to Mitigate Dependency Confusion Attacks<br>Rejected 2026-04-02 after three years provisionally accepted, because the required implementation conditions (PyPI UI,<br>second-repository support in pip with positive user feedback) were never met<br>PEP 763 — Limiting deletions on PyPI<br>, Withdrawn 2025-09-21; the conclusion was<br>that PEPs are not the appropriate venue for changes to PyPI&rsquo;s deletion or usage policies<br>PEP 759 — External Wheel Hosting<br>, Withdrawn 2025-01-31; the community preferred<br>richer multi-index priority and trust controls (pointing toward PEP 766<br>) over<br>external hosting<br>Several of these came up during the summit and are referenced inline below.<br>Welcome

Link to heading<br>The three organizers opened the summit by sharing the<br>HackMD notes document<br>for collaborative live notes, and by<br>reminding the room that this is where conversations start; proposals move from here into<br>discuss.python.org<br>and the PEP process. The deeper<br>official notes from the summit<br>are the canonical source for anything I left<br>out of this recap.<br>Revisiting Wheel 2.0 and Better Compression — Emma Smith

Link to heading<br>Emma Smith<br>(emmatyping.dev<br>) authored<br>PEP 777, &ldquo;How to Re-invent the Wheel&rdquo;<br>and is a CPython core developer. Slides:<br>Google Slides deck<br>The prerequisite stdlib work is also hers: she authored<br>PEP 784 (Adding Zstandard to the standard library)<br>and then, in her<br>Decompression is up to 30% faster in CPython 3.15<br>post (November 2025), wrote up the<br>PyBytesWriter-based decompression rewrite that made zstd decompression 25–30% faster and zlib decompression 10–15%<br>faster for payloads of at least 1 MiB. That work is what makes a Zstandard-based Wheel 2.0 practical, though wide<br>adoption waits until Python 3.13 reaches end-of-life in October 2029<br>, when<br>3.14+ becomes the oldest supported interpreter and installers can rely on compression.zstd being present everywhere.<br>The earlier version of PEP 777 added a wheel-version field to the filename so existing installers would skip Wheel 2.0<br>outputs. Three objections came back from the community: updates would silently stop on old installers, the existing<br>wheel-compatibility schema was felt to be sufficient, and the pip install ./wheel_file.whl path was not covered. Emma<br>Smith worked through this with Donald Stufft<br>and landed on a different plan.<br>The Python packaging ecosystem is too distributed to migrate coherently, so any all-at-once approach has too many<br>downsides. The revised PEP 777 makes the minimum change: wheels stay zip files, and the only hard requirement is that<br>dist-info contains a Wheel-Version entry stored or DEFLATE-compressed inside the wheel. Each...