[Distutils] Distutils and Distribute roadmap (and some words on Virtualenv, Pip)
Glyph Lefkowitz
glyph at twistedmatrix.com
Wed Oct 28 01:06:11 CET 2009
On Oct 27, 2009, at 7:41 PM, David Lyon wrote:
>
> I'm not sure about that Tarek..
>
> An .exe installer as a perfect binary format for python packages?
>
> Are you serious?
>
> That is the biggest security threat I can think of, asking python
> users to run unverified, unsigned, un-trusted executable files on
> their systems.

easy_install, pip, and indeed all of PyPI is basically a system for
executing untrusted code, usually as a system administrator, straight
off of what is effectively a wiki.

If you're concerned about security and distutils, there is a _lot_ of
work to do. There is no particular additional danger in executing
a .exe rather than a setup.py.