
Re: [Distutils] formencode as .egg in Debian ??



On Fri, Nov 25, 2005 at 09:23:04AM -0500, Phillip J. Eby wrote:
> At 01:07 PM 11/25/2005 +0100, Janusz A. Urbanowicz wrote:
> >On Fri, Nov 25, 2005 at 10:29:56AM +0000, Donovan Baarda wrote:
> >> On Fri, 2005-11-25 at 01:33 -0500, Phillip J. Eby wrote:
> >> [... long informative explanation of egg...]
> >> In particular, will an egg wrapped inside a Debian package magically
> >> install other bits of software not from Debian packages? Will it install
> >> them in the correct places?
> >
> >This is a dangerous practice from more than one point of view:
> >
> >1) it may pollute the system with non-DFSG-compliant stuff
> >
> >2) as both a Python developer and a Debian user and developer I DO NOT want
> >software to download and run stuff without my knowledge and explicit 
> >consent
> 
> It does neither; you have to explicitly be using easy_install or setup.py 
> to get any download-and-run behavior.
> 
> Now, it's possible for an individual coder to write an application or 
> library that invokes easy_install itself, but anybody can write bad code 
> and that's what you have a QA process for, no?

Yes and no; malicious code of this kind eventually gets weeded out _after a
while_, but this is wrong by design, not to be corrected by a QA process.
-- 
mors ab alto 
0x46399138


