Including upstream list as submodule/subtree would be more transparent #13

Open
dvzrv opened this issue Jan 26, 2020 · 3 comments

dvzrv commented Jan 26, 2020

During packaging of python-publicsuffix2 I realized that downloading the publicsuffix list during build time makes it unreproducible (any time the package is rebuilt, it will have a different list).

My suggestion would be to include the publicsuffix list from upstream directly as e.g. a git submodule or git subtree (the latter is preferred as this way the files actually end up in an automatically generated tarball on GitHub when tagging a release) and not download it during build time at all to ensure reproducibility and raise transparency.
The data lives in this repository already, so it could also be copied manually, but IMHO a subtree or submodule is the more transparent way of dealing with this.

Currently only the wheel on pypi.org is really ensured to carry the currently bundled version of the publicsuffix list. For anyone else building this package, this assumption is not valid.

dvzrv (Author) commented Jan 26, 2020

Oops, I just realized that the list is actually not downloaded during build. Sorry for the noise.

However, including the list via git submodule/subtree would be more transparent nonetheless. Modifying this ticket accordingly!

dvzrv changed the title from "Downloading the list during build is unreproducible" to "Including upstream list as submodule/subtree would be more transparent" on Jan 26, 2020

pombredanne (Member) commented Jan 27, 2020

@dvzrv Thank you... I have never been a big fan of submodules because of principles that I can no longer articulate and I have forgotten...

Therefore I would be quite fine to have a PR to use submodules instead. You will have to provide some minimal doc to help me update the PSL!

(NB: as you noted, the PSL is NOT fetched automatically during a build. You have to issue a `python setup.py update_psl` to do the update.)

pombredanne (Member) commented

@dvzrv Could I interest you in a PR for the submodule?
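
The subtree versus submodule difference raised in this thread (whether the list ends up in an automatically generated tarball, and what an update looks like) can be checked with throwaway repositories. This is an added example, not part of the thread or the project's own tooling; the repository names, `vendor/psl` and `list.dat` are constructed placeholders, and it assumes a git installation that includes the `git subtree` command.

```bash
#!/usr/bin/env bash
# Added demo. Every repo, path and file name here is a constructed placeholder.
set -eu

# git with a fixed identity; local-path submodule clones are allowed for the demo.
g() { git -c user.name=demo -c user.email=demo@example.invalid \
          -c protocol.file.allow=always "$@"; }

# List the paths in the tarball `git archive` produces for a repo's HEAD.
archive_paths() { g -C "$1" archive --format=tar HEAD | tar -tf -; }

# Create a stand-in upstream list repo and two consumer repos under $1.
build_demo() {
  g init -q "$1/upstream"
  printf 'com\norg\n' > "$1/upstream/list.dat"
  g -C "$1/upstream" add list.dat
  g -C "$1/upstream" commit -q -m "list v1"
  for pkg in subtree-pkg submodule-pkg; do
    g init -q "$1/$pkg"
    g -C "$1/$pkg" commit -q --allow-empty -m "initial commit"
  done
  # Subtree: the upstream file is committed into the consumer's own history.
  g -C "$1/subtree-pkg" subtree add -q --squash --prefix=vendor/psl \
    "$1/upstream" HEAD
  # Submodule: only a URL (.gitmodules) and a pinned commit id are committed.
  g -C "$1/submodule-pkg" submodule --quiet add "$1/upstream" vendor/psl
  g -C "$1/submodule-pkg" commit -q -m "add list as submodule"
}

# Refresh the subtree copy after upstream changes; the update is one merge.
update_subtree() {
  printf 'net\n' >> "$1/upstream/list.dat"
  g -C "$1/upstream" commit -q -am "list v2"
  g -C "$1/subtree-pkg" subtree pull -q --squash -m "update list" \
    --prefix=vendor/psl "$1/upstream" HEAD
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
update_subtree "$demo_dir"
echo "subtree archive:";   archive_paths "$demo_dir/subtree-pkg"
echo "submodule archive:"; archive_paths "$demo_dir/submodule-pkg"
rm -rf "$demo_dir"
```

The subtree listing contains `vendor/psl/list.dat`, while the submodule listing has only `.gitmodules` and an empty `vendor/psl/` directory, so a tarball generated from a tag of the submodule variant would ship without the list.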
