tseaver at palladion.com
Sun Jun 17 18:24:12 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 06/15/2012 11:01 PM, Richard Jones wrote:
> "impossible to safely extract requirements in a 100% generic way."
> It has nothing to do with it being the de facto standard and
> everything to do with executing untrusted code on pydotorg systems
> with no guarantee that we'll even get the setup.py to work in our
> environment anyway.
> Sent from my portable device, please excuse the brevity. On Jun 16,
> 2012 2:41 AM, "Chris Withers" <chris at python.org> wrote:
>> On 13/06/2012 13:20, Donald Stufft wrote:
>>> setuptools is a non standard addition to Python packaging which is
>>> impossible to safely extract requirements in a 100% generic way.
You can avoid executing 'setup.py' by looking for 'requires.txt' in the
egg-info directory within the sdist.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Catalog-SIG