[Distutils] Autobuild packages using snakebite

David Lyon david.lyon at preisshare.net
Sat Jun 20 13:03:10 CEST 2009

On Sat, 20 Jun 2009 19:17:12 +0900, David Cournapeau

>> There's really no way you can stop someone from misusing your
>> infrastructure if you go for building any arbitrary package that gets
>> uploaded to PyPI.

But CPU cycles can be counted and likewise network usage...

> Forbidding any network access from the vm used to build would solve most
> of those problems. Controlling CPU/memory can be done from the host OS.
> I would be surprised if the openSuse build system worked in a
> fundamentally different way: rpm .spec files can also execute arbitrary
> code.

I struggle with seeing how that would work. My easyinstall is always
downloading additional packages (as it should). And how would you
get packages onto the infastructure from pypi in the first place if 
there was no internet access?


More information about the Distutils-SIG mailing list