[Distutils] setuptools: package management and explicit version numbers

Paul Moore p.f.moore at gmail.com
Thu Aug 11 22:39:25 CEST 2005


> Sorry, I have to run now (shouldn't have started this email...) I'll
> comment more later.

After a lot of thinking, and some experimentation, and an abortive
attempt at an email which ended up being *far* more negative than I
want, I have decided not to comment any more at this stage. I'll go
back to lurking until I have a better feel for eggs, their benefits,
and how they fit into the overall package distribution equation.

Sorry, but you guys are doing good work, and I don't want to spend my
time moaning.

Paul.

PS I will make one comment - I really do think that ez_setup should
have an option to disable downloads. When I tried installing the
PyProtocols egg, ez_setup happily grabbed the setuptools egg off the
web, installed it, and ran code from it. I know it needs to, but
that's a huge security risk - I'm not particularly obsessed by
security, but even I found that a bit scary. Arguably, no-download
should be the default, and auto-download should be the optional
behaviour.

