Metadata of wheels created with multiple tools

[HexDecimal]

Issue Description

Relevant documentation of WHEEL and Generator.

Generator is the name and optionally the version of the software that produced the archive.

Tools such as auditwheel or delocate alter and rewrite wheels by packing external dependencies inside of it. Excluding the used tool from the wheel metadata would cause any regressions from these tools to be harder to track down and debug.

As a maintainer of delocate I've made the unwitting decision to add a 2nd Generator field to annotate which version of Delocate modified the wheel, but this broke other third party tools such as wheel-inspect which expects only a single instance of Generator. The documentation is ambiguous and doesn't clearly state that either of these approaches are wrong. My reading of it was that tools writing or rewriting a wheel are supposed to be in the WHEEL metadata as a Generator, and to omit or replace a Generator field would be to lie about the wheels origins.

Generally it does not seem like the original specification accounted for there to be more than one tool used to create a wheel in the first place. This is combined with a file format which allows for duplicate keys which causes the ambiguity.

I was hoping to hear an authoritative answer to these questions:

• Is the Generator field one only, or one or more?
• Where should the names/versions of additional tools used to create a wheel be tracked?

Code of Conduct

• I am aware that participants in this repository must follow the PSF Code of Conduct.