donald.stufft at gmail.com
Sun Jun 17 19:02:48 CEST 2012
On Sunday, June 17, 2012 at 12:24 PM, Tres Seaver wrote:
> On 06/15/2012 11:01 PM, Richard Jones wrote:
> > "impossible to safely extract requirements in a 100% generic way."
> > It has nothing to do with it being the de facto standard and
> > everything to do with executing untrusted code on pydotorg systems
> > with no guarantee that we'll even get the setup.py to work in our
> > environment anyway.
> > Sent from my portable device, please excuse the brevity.
> > On Jun 16, 2012 2:41 AM, "Chris Withers" <chris at python.org> wrote:
> > > On 13/06/2012 13:20, Donald Stufft wrote:
> > >
> > > > setuptools is a non standard addition to Python packaging which is
> > > > impossible to safely extract requirements in a 100% generic way.
> > > >
> > >
> > >
> You can avoid executing 'setup.py' by looking for 'requires.txt' in the
> egg-info directory within the sdist.
This will only include dependencies required for the system that wrote the
package. It won't include dependencies required on other systems (say
via an if statement for the Windows platform).
Hence the impossible to do it completely.
> --
> Tres Seaver +1 540-429-0999 tseaver at palladion.com
> Palladion Software "Excellence by Design" http://palladion.com
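The trade-off discussed in this thread, as an added example (not code from the thread or from any PyPI tooling): it reads `requires.txt` out of an sdist without running `setup.py`, and uses a static `ast` scan to notice when `setup.py` branches on `sys.platform`, in which case the file reflects only the machine that built the sdist. The `demo` package, its file contents and all helper names are constructed for illustration.

```python
import ast
import io
import tarfile

# Constructed sample: requires.txt as generated on Linux; setup.py has a Windows-only branch.
SETUP_PY = b"""import sys
from setuptools import setup
reqs = ["requests"]
if sys.platform == "win32":
    reqs.append("pywin32")
setup(name="demo", version="1.0", install_requires=reqs)
"""
REQUIRES_TXT = b"requests\n\n[test]\npytest\n"

def build_sample_sdist():
    """Return the bytes of a constructed demo-1.0.tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("demo-1.0/setup.py", SETUP_PY),
                           ("demo-1.0/demo.egg-info/requires.txt", REQUIRES_TXT)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def read_member(sdist, suffix):
    """Read one archive member into memory; nothing is unpacked or executed."""
    with tarfile.open(fileobj=io.BytesIO(sdist), mode="r:gz") as tar:
        for member in tar:
            if member.isfile() and member.name.endswith(suffix):
                return tar.extractfile(member).read().decode("utf-8")
    return None

def read_requires(sdist):
    """Parse egg-info/requires.txt into {section: [requirement, ...]}."""
    text = read_member(sdist, ".egg-info/requires.txt") or ""
    sections, current = {"": []}, ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections

def has_platform_branch(sdist):
    """Statically (ast only) detect an `if` in setup.py that tests sys.platform."""
    tree = ast.parse(read_member(sdist, "/setup.py") or "")
    return any(isinstance(n, ast.If) and "platform" in ast.dump(n.test)
               for n in ast.walk(tree))
```

For the sample, `read_requires` returns no `pywin32` entry while `has_platform_branch` is true, so an indexer can flag the metadata as possibly incomplete.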