[Distutils] waf can be used to compile Python extension modules

Nick Coghlan ncoghlan at gmail.com
Sat Mar 22 00:44:45 CET 2014

On 22 March 2014 09:37, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:
>> This strategy does not generally try to eliminate arbitrary code
>> execution during builds - builds are an inherently arbitrary-code
>> process. But once the build has happened most installs should work
>> without arbitrary code execution.
> I don't think builds should be a *completely* arbitrary-code process. I understand well that user-defined code should be accommodated, but IMO this should be within a declarative framework with well-defined hooks, otherwise it will ultimately lead to the same problems that setup.py has.

Agreed, but that can be a two step process:

1. Formally decouple the setup.py CLI from the distutils command system
2. Define a more declarative metabuild system, with the setup.py CLI
considered a legacy compatibility interface.

The reason I think we need to cover step 1 first is because without
doing that, I don't believe we're going to understand the existing
scope we need to cover for 2.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list