[Distutils] Distutils and Distribute roadmap (and some words on Virtualenv, Pip)

Robert Kern robert.kern at gmail.com
Wed Oct 28 00:51:07 CET 2009

On 2009-10-27 18:41 PM, David Lyon wrote:
> On Tue, 27 Oct 2009 20:51:10 +0100, Tarek Ziadé<ziade.tarek at gmail.com>
> wrote:
>> $ easy_install your_bdist_wininst_dist.exe
>> will install it and process the dependencies from the install_requires
>> option.
>> And pip should be compatible soon too. That makes this format a
>> perfect binary format for win32.
> I'm not sure about that Tarek..
> An .exe installer as a perfect binary format for python packages?
> Are you serious?
> That is the biggest security threat I can think of, asking python
> users to run unverified, unsigned, un-trusted executable files on
> their systems.

easy_install does not execute the executable. bdist_wininst installers are zip 
files concatenated with an executable header. easy_install just unzips the file 
as if it were a zipped egg and ignores the executable part.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Distutils-SIG mailing list