[Distutils] formencode as .egg in Debian ??
Phillip J. Eby
pje at telecommunity.com
Fri Nov 25 15:28:03 CET 2005
At 01:52 PM 11/25/2005 +0100, Josselin Mouette wrote:
>It could do it by simply trying to import the module.
Python's import mechanism is fragile in the presence of failed imports that
aren't explicitly trapped, and in Python 2.3 it's even more fragile because
only the *first* attempt to import a module that has a missing dependency
will fail; subsequent imports of that module will return a broken
module. Diagnosing such problems is non-trivial.
> > 2) check if it can find this dep like setuptools does today (installing
> them
> > as eggs somewhere in the user's home)
>
>I consider this as a security risk. I hope this can be disabled by
>default.
It *is*. You have to explicitly run easy_install or setup.py to get any
installation of any software, or use an explicit application feature like
Trac's "upload a plugin" facility. And I don't agree with Vincenzo's
proposal to make easy_install run apt-get in any case. If you want to
fetch debs to satisfy a non-Debian Python project, you should use
easy_deb. Using easy_install only makes sense if you are using
bleeding-edge stuff installed to your home directory or a special project
directory, so you don't want to fetch any debs in that case because you're
not updating the *system* packages.
More information about the Distutils-SIG
mailing list