[Catalog-sig] Dependencies

Tres Seaver tseaver at palladion.com
Sun Jun 17 18:24:12 CEST 2012


On 06/15/2012 11:01 PM, Richard Jones wrote:
> "impossible to safely extract requirements in a 100% generic way."
> 
> It has nothing to do with it being the de facto standard and
> everything to do with executing untrusted code on pydotorg systems
> with no guarantee that we'll even get the setup.py to work in our
> environment anyway.
> 
> Sent from my portable device, please excuse the brevity. On Jun 16,
> 2012 2:41 AM, "Chris Withers" <chris at python.org> wrote:
> 
>> On 13/06/2012 13:20, Donald Stufft wrote:
>> 
>>> setuptools is a non standard addition to Python packaging which is
>>> impossible to safely extract requirements in a 100% generic way.

You can avoid executing 'setup.py' by looking for 'requires.txt' in the
egg-info directory within the sdist.



Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com




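One way to apply the suggestion in the message above, as an added example that is not part of the original post: read `requires.txt` out of the sdist tarball in memory, so that `setup.py` is never imported or run and nothing is unpacked to disk. The function names, the size limit and the sample archive are assumptions made for illustration; an sdist built without setuptools has no egg-info directory, and the function then returns `None`.

```python
import io
import tarfile

MAX_BYTES = 1 << 20  # assumed limit: refuse implausibly large metadata files


def parse_requires_txt(text):
    """Return {section: [requirement, ...]}; '' holds the unconditional ones."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()  # section name kept verbatim
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def requirements_from_sdist(fileobj):
    """Read *.egg-info/requires.txt from an sdist tarball; setup.py is not run."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.name.endswith(".egg-info/requires.txt"):
                # Accept only a regular file of sane size: no links, no devices.
                if not member.isfile() or member.size > MAX_BYTES:
                    raise ValueError("suspicious requires.txt entry")
                data = tar.extractfile(member).read()
                return parse_requires_txt(data.decode("utf-8", "replace"))
    return None  # no egg-info metadata in this sdist


def constructed_sdist():
    """Build a small sample sdist in memory (constructed input, not real data)."""
    files = {
        "demo-1.0/setup.py": b"raise SystemExit('must never run')\n",
        "demo-1.0/demo.egg-info/requires.txt":
            b"zope.interface\nsix>=1.0\n\n[testing]\nnose\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return io.BytesIO(buf.getvalue())
```

The file is still uploader-supplied data, so the result is what the sdist claims to require and should be handled as untrusted input by any later step.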
