https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270358
--- Comment #201 from Charlie Li <[email protected]> --- (In reply to Enji Cooper from comment #196) Please see the patches added in comments above and below this referenced comment, my run of only the USE_PYTHON=distutils cases in comment 151 and Hiroo's run in comment 189, to get a glimpse of how broken consumers can get. We cannot just mark those ports broken, since they are not necessarily old, and they may have their own boatloads of consumers that are actively maintained. It is not nearly enough to only test ports that you use directly or as dependencies. (In reply to p5B2EA84B3 from comment #197) (and anyone else wondering about the vuxml entry) This is not exploitable for us. We don't include the deprecated bin/easy_install endpoint that would lead to the referenced code block. In ports/building context, setuptools only runs during stages where network access is not allowed. For the virtualenv/venv context, any Python package specifying setuptools as its build backend that would need building from source would have pip fetching and using the latest version (save version pinning cases). Note that system packages, ie Python packages built from ports and installed via pkg(8), are not available for use in virtualenv/venv by default. -- You are receiving this mail because: You are on the CC list for the bug.
