[Distutils] Autobuild packages using snakebite

Stefan Behnel stefan_ml at behnel.de
Fri Jun 19 07:24:21 CEST 2009

Leonardo Santagada wrote:
> The biggest problem I see is security, but if people are really
> interested in this we could at least try it no?

Security certainly is a major issue here. Anyone can upload packages to
PyPI, so you can run arbitrary code on tons of machines, just by pushing
some well-forged setup.py script there.


More information about the Distutils-SIG mailing list