On 10 Feb, 2013, at 0:37, Stephen Thorne <step...@thorne.id.au> wrote:

> On Sat, Feb 9, 2013 at 11:28 PM, Jesse Noller <jnol...@gmail.com> wrote:
> On Feb 9, 2013, at 6:13 PM, Stephen Thorne <step...@thorne.id.au> wrote:
> 
> > Hello,
> >
> > One of my concerns with the recent pip dramas that have seen some excellent 
> > and timely action from catalog-sig and others, is that 'setuptools' is 
> > still widely distributed and used instead of distribute/pip.
> 
> Well, let's back up: these aren't pip-specific problems: just about every 
> client-side tool for installing from PyPI suffers from lax security.
>  
> >
> > Setuptools either needs to be sunset, notices put on PyPI, warnings given 
> > to its users, out of Linux distros, or it has to be upgraded to be feature 
> > compatible with the security updates.
> >
> > That's a strong statement I've made, but I feel strongly that something has 
> > to be done. I would like to solicit opinions here before an action plan is 
> > composed.
> 
> This is a bit of a question mark to me: the reality is that 
> easy_install/setuptools usage is probably still dramatically higher than 
> that of more modern tooling. That, and AFAIK, there are still features of 
> them that the alternatives do not support (binary eggs, which are a must for 
> Windows).
> 
> Yikes. This is something I didn't fully understand until now. Our Windows 
> users prefer to use setuptools and eggs? That makes sense, I guess. 

I'm not on Windows but don't use pip either. The primary reason for that is 
that pip doesn't offer a compelling enough feature set; as far as I'm concerned, 
it just provides a different way to spell the installation command ("pip 
install foo" instead of "easy_install foo"). 

Ronald
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
