[Distutils] Autobuild packages using snakebite
David Lyon
david.lyon at preisshare.net
Sat Jun 20 13:03:10 CEST 2009
On Sat, 20 Jun 2009 19:17:12 +0900, David Cournapeau
>> There's really no way you can stop someone from misusing your
>> infrastructure if you go for building any arbitrary package that gets
>> uploaded to PyPI.
But CPU cycles can be counted and likewise network usage...
> Forbidding any network access from the vm used to build would solve most
> of those problems. Controlling CPU/memory can be done from the host OS.
> I would be surprised if the openSuse build system worked in a
> fundamentally different way: rpm .spec files can also execute arbitrary
> code.
I struggle with seeing how that would work. My easyinstall is always
downloading additional packages (as it should). And how would you
get packages onto the infastructure from pypi in the first place if
there was no internet access?
David
More information about the Distutils-SIG
mailing list