[Distutils] PEP470 installation security problems

Nick Coghlan ncoghlan at gmail.com
Wed Oct 8 12:44:19 CEST 2014


On 8 October 2014 20:33, holger krekel <holger at merlinux.eu> wrote:
>
> Then we are reading the sections i cite above very differently -- IMO
> you and the PEP generally push for multi-index ops without explaining
> the risks.

Note that this explanation is present in the PEP:

    Currently both pip and setuptools implement multiple repository
support by using the best installation candidate it can find from
either repository, essentially treating it as if it were one large
repository.

Is it mainly that you would like the consequences of that in terms of
any listed index being able to provide any requested package to be
spelled out more clearly?

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
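The behaviour the quoted PEP text describes, as an added illustration that is not part of the original message and not pip's or setuptools' own code: a small resolver that merges every configured index into one candidate pool and picks the highest version, beside a variant that only consults the index a project has been explicitly assigned to. The index URLs, project names and version lists below are constructed for the example, the version parser accepts only dotted integer release segments (an assumption; real installers use full PEP 440 comparison), and the per-project index mapping in the second resolver is a hypothetical policy written to show the difference, not a pip feature.

```python
"""Simulate merged multi-index candidate selection versus per-project index pinning."""
from typing import Dict, List, Optional, Tuple

# Constructed sample data: index URL -> {project name -> versions offered}.
# "acme-internal" exists on the private index; a higher-numbered copy also
# exists on the public index, which is the situation the thread is about.
INDEXES: Dict[str, Dict[str, List[str]]] = {
    "https://public.example/simple": {
        "requests": ["2.4.0"],
        "acme-internal": ["99.0.0"],
    },
    "https://internal.example/simple": {
        "acme-internal": ["1.2.0", "1.3.0"],
    },
}

Candidate = Tuple[str, str]  # (index URL the file would be fetched from, version)


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumption: versions are dotted integers only (e.g. '1.3.0')."""
    return tuple(int(part) for part in v.split("."))


def find_candidates(indexes: Dict[str, Dict[str, List[str]]], project: str) -> List[Candidate]:
    """Every (index, version) pair any configured index offers for the project."""
    return [
        (index_url, version)
        for index_url, projects in indexes.items()
        for version in projects.get(project, [])
    ]


def resolve_merged(indexes: Dict[str, Dict[str, List[str]]], project: str) -> Optional[Candidate]:
    """Behaviour the PEP text describes: all indexes are treated as one large
    repository and the best (highest) version wins, regardless of which index
    happens to provide it. Any listed index can therefore satisfy any name."""
    candidates = find_candidates(indexes, project)
    if not candidates:
        return None
    return max(candidates, key=lambda c: parse_version(c[1]))


def resolve_pinned(
    indexes: Dict[str, Dict[str, List[str]]],
    project: str,
    index_for_project: Dict[str, str],
    default_index: str,
) -> Optional[Candidate]:
    """Hypothetical hardened policy: a project is only ever fetched from the
    index explicitly assigned to it (or the default index), so a higher version
    on some other index is never even considered."""
    index_url = index_for_project.get(project, default_index)
    versions = indexes.get(index_url, {}).get(project, [])
    if not versions:
        return None
    best = max(versions, key=parse_version)
    return (index_url, best)


if __name__ == "__main__":
    policy = {"acme-internal": "https://internal.example/simple"}
    for project in ("requests", "acme-internal"):
        print(project)
        print("  merged :", resolve_merged(INDEXES, project))
        print("  pinned :", resolve_pinned(INDEXES, project, policy, "https://public.example/simple"))
```

Run as a script it shows that under the merged model "acme-internal" is fetched from the public index at 99.0.0, while the pinned policy returns 1.3.0 from the internal index; "requests", which only the public index offers, resolves the same way under both.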