[Distutils] Autobuild packages using snakebite
stefan_ml at behnel.de
Fri Jun 19 07:24:21 CEST 2009
Leonardo Santagada wrote:
> The biggest problem I see is security, but if people are really
> interested in this we could at least try it no?
Security certainly is a major issue here. Anyone can upload packages to
PyPI, so you can run arbitrary code on tons of machines, just by pushing
some well-forged setup.py script there.
More information about the Distutils-SIG