On Fri, 19 Jun 2009 07:24:21 +0200, Stefan Behnel <[email protected]> wrote: > Leonardo Santagada wrote: >> The biggest problem I see is security, but if people are really >> interested in this we could at least try it no? > > Security certainly is a major issue here. Anyone can upload packages to > PyPI, so you can run arbitrary code on tons of machines, just by pushing > some well-forged setup.py script there.
Doesn't a chroot jail stop this? (on unix anyway) _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
