[Distutils] Distutils and Distribute roadmap (and some words on Virtualenv, Pip)

Glyph Lefkowitz glyph at twistedmatrix.com
Wed Oct 28 01:06:11 CET 2009

On Oct 27, 2009, at 7:41 PM, David Lyon wrote:
> I'm not sure about that Tarek..
> An .exe installer as a perfect binary format for python packages?
> Are you serious?
> That is the biggest security threat I can think of, asking python
> users to run unverified, unsigned, un-trusted executable files on
> their systems.

easy_install, pip, and indeed all of PyPI is basically a system for  
executing untrusted code, usually as a system administrator, straight  
off of what is effectively a wiki.

If you're concerned about security and distutils, there is a _lot_ of  
work to do.  There is no particular additional danger in executing  
a .exe rather than a setup.py.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20091027/88fe6d09/attachment.htm>

More information about the Distutils-SIG mailing list