> This strategy does not generally try to eliminate arbitrary code > execution during builds - builds are an inherently arbitrary-code > process. But once the build has happened most installs should work > without arbitrary code execution.
I don't think builds should be a *completely* arbitrary-code process. I understand well that user-defined code should be accommodated, but IMO this should be within a declarative framework with well-defined hooks, otherwise it will ultimately lead to the same problems that setup.py has. Regards, Vinay Sajip _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
