[Distutils] PEP470 installation security problems

Paul Moore p.f.moore at gmail.com
Wed Oct 8 15:27:13 CEST 2014

On 8 October 2014 13:59, holger krekel <holger at merlinux.eu> wrote:
> But if you and Nick as authors refuse my suggestions (mainly:
> backward compat, more careful reasoning about multi-index ops) then i am
> currently clearly -1 on the PEP because i think it does more harm than good.

Holger, there's been a lot said in this thread, and it's entirely
possible I may have missed something crucial. But it seems to me that
a lot of the debate has been about wording and rationale. Can I just
cross-check with you, before you leave the discussion:

1. Ignoring all of the explanations and rationale, are you -1 on the
technical changes being proposed?
2. Do you have an alternative proposal, or is your -1 in effect a vote
to do nothing?

Personally, I think that we have to do something about the pip user
interface, as the current situation is harming our users. If PEP 470
isn't accepted, we'll need to look again at what we do in relation to
PEP 438 support. Frankly, I'd rather not go there, as I think it's
clear from the feedback we've received that full support is harmful to
our users.


More information about the Distutils-SIG mailing list