[Catalog-sig] Proposal for the bootstrap API

Giovanni Bajo rasky at develer.com
Fri Feb 15 12:31:25 CET 2013


On 15 Feb 2013, at 12:30, Nick Coghlan <ncoghlan at gmail.com> wrote:

> On Fri, Feb 15, 2013 at 7:28 PM, Tarek Ziadé <tarek at ziade.org> wrote:
>> Looks completely legit to me, unfortunately... So until we catch that fish,
>> damage can already be done.
> 
> When you're already in a (security) hole, the first thing you need to
> do is *stop digging*.
> 
> We have a handful of projects which need a trusted way to distribute
> a Python script in order to bootstrap installation tools on current
> versions of Python. That's a real problem, and this proposal is a good
> solution for that.
> 
> Generalising that to grant the ability to upload arbitrary bootstrap
> scripts to every project for no good reason is making a bad situation
> worse, for zero payoff. So let's not do that. For projects other than
> distribute or pip, the bootstrap process should be:
> 
> 1. Bootstrap pip
> 2. pip install project
> 
> Or, if the project needs egg support:
> 
> 1. Bootstrap distribute
> 2. easy_install project


Strong +1.
-- 
Giovanni Bajo   ::  rasky at develer.com
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it





