https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270358

--- Comment #201 from Charlie Li <[email protected]> ---
(In reply to Enji Cooper from comment #196)
Please see the patches added in comments above and below this referenced
comment, my run of only the USE_PYTHON=distutils cases in comment 151 and
Hiroo's run in comment 189, to get a glimpse of how broken consumers can get.
We cannot just mark those ports broken, since they are not necessarily old, and
they may have their own boatloads of consumers that are actively maintained. It
is not nearly enough to only test ports that you use directly or as
dependencies.

(In reply to p5B2EA84B3 from comment #197) (and anyone else wondering about the
vuxml entry)
This is not exploitable for us. We don't include the deprecated
bin/easy_install endpoint that would lead to the referenced code block. In
ports/building context, setuptools only runs during stages where network access
is not allowed. For the virtualenv/venv context, any Python package specifying
setuptools as its build backend that would need building from source would have
pip fetching and using the latest version (save version pinning cases). Note
that system packages, ie Python packages built from ports and installed via
pkg(8), are not available for use in virtualenv/venv by default.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to