On Oct 27, 2009, at 7:41 PM, David Lyon wrote:

I'm not sure about that Tarek..

An .exe installer as a perfect binary format for python packages?

Are you serious?

That is the biggest security threat I can think of, asking python
users to run unverified, unsigned, un-trusted executable files on
their systems.

easy_install, pip, and indeed all of PyPI is basically a system for executing untrusted code, usually as a system administrator, straight off of what is effectively a wiki.

If you're concerned about security and distutils, there is a _lot_ of work to do. There is no particular additional danger in executing a .exe rather than a setup.py.


_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
