[Distutils] Distutils and Distribute roadmap (and some words on Virtualenv, Pip)
Robert Kern
robert.kern at gmail.com
Wed Oct 28 00:51:07 CET 2009
On 2009-10-27 18:41 PM, David Lyon wrote:
> On Tue, 27 Oct 2009 20:51:10 +0100, Tarek Ziadé<ziade.tarek at gmail.com>
> wrote:
>
>> $ easy_install your_bdist_wininst_dist.exe
>>
>> will install it and process the dependencies from the install_requires
>> option.
>>
>> And pip should be compatible soon too. That makes this format a
>> perfect binary format for win32.
>
> I'm not sure about that Tarek..
>
> An .exe installer as a perfect binary format for python packages?
>
> Are you serious?
>
> That is the biggest security threat I can think of, asking python
> users to run unverified, unsigned, un-trusted executable files on
> their systems.
easy_install does not execute the executable. bdist_wininst installers are zip
files concatenated with an executable header. easy_install just unzips the file
as if it were a zipped egg and ignores the executable part.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Distutils-SIG
mailing list