On Oct 27, 2009, at 7:41 PM, David Lyon wrote:

I'm not sure about that Tarek..

An .exe installer as a perfect binary format for python packages?

Are you serious?

That is the biggest security threat I can think of, asking python
users to run unverified, unsigned, un-trusted executable files on
their systems.

easy_install, pip, and indeed all of PyPI is basically a system for executing untrusted code, usually as a system administrator, straight off of what is effectively a wiki.

If you're concerned about security and distutils, there is a _lot_ of work to do.  There is no particular additional danger in executing a .exe rather than a setup.py.