[Distutils] Autobuild packages using snakebite

David Lyon david.lyon at preisshare.net
Fri Jun 19 16:03:40 CEST 2009


On Fri, 19 Jun 2009 07:24:21 +0200, Stefan Behnel <stefan_ml at behnel.de>
wrote:
> Leonardo Santagada wrote:
>> The biggest problem I see is security, but if people are really
>> interested in this we could at least try it, no?
> 
> Security certainly is a major issue here. Anyone can upload packages to
> PyPI, so you can run arbitrary code on tons of machines, just by pushing
> some well-forged setup.py script there.

Doesn't a chroot jail stop this? (on unix anyway)



