19 Jun
2009
19 Jun
'09
4:03 p.m.
On Fri, 19 Jun 2009 07:24:21 +0200, Stefan Behnel stefan_ml@behnel.de wrote:
Leonardo Santagada wrote:
The biggest problem I see is security, but if people are really interested in this we could at least try it no?
Security certainly is a major issue here. Anyone can upload packages to PyPI, so you can run arbitrary code on tons of machines, just by pushing some well-forged setup.py script there.
Doesn't a chroot jail stop this? (on unix anyway)