[Python-Dev] "packaging" merge imminent

Ronald Oussoren ronaldoussoren at mac.com
Tue May 17 19:21:26 CEST 2011

On 17 May, 2011, at 17:36, Tarek Ziadé wrote:

> Hello
> I am about to merge packaging in the stdlib, and we will continue our
> work there :)
> The impact is:
> - addition of Lib/packaging
> - addition of test/test_packaging.py
> - changes in Lib/sysconfig.py
> - addition of Lib/sysconfig.cfg
> For the last one, I would like to make sure again that everyone is ok
> with having a .cfg file added in the Lib/ directory. If not, we need
> to discuss how to do this differently.
> == purpose of sysconfig.cfg ==
> The sysconfig.cfg file is a ini-like file that sysconfig.py reads to
> get the installation paths. We currently have these paths harcoded in
> the python module.
> The next change I have planned is to allow several levels of
> configuration, like distutils.cfg does. sysconfig.py will look for a
> sysconfig.cfg file in these places:
> 1. the current working directory -- so can be potentially included in
> a project source release

Does this mean that python behaves differently when there happens to be a sysconfig.cfg file in the current working directory? That's a potentional security risk.  

> 2. the user home  (specific location be defined, maybe in ~/local)
> [inherits from the previous one]

How hard would it be to disable this behavior for tools like virtualenv and py2app?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2224 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20110517/9caee69c/attachment.bin>

More information about the Python-Dev mailing list