On Fri, Nov 25, 2005 at 09:23:04AM -0500, Phillip J. Eby wrote: > At 01:07 PM 11/25/2005 +0100, Janusz A. Urbanowicz wrote: > >On Fri, Nov 25, 2005 at 10:29:56AM +0000, Donovan Baarda wrote: > >> On Fri, 2005-11-25 at 01:33 -0500, Phillip J. Eby wrote: > >> [... long informative explanation of egg...] > >> In particular, will an egg wrapped inside a Debian package magically > >> install other bits of software not from Debian packages? Will it install > >> them in the correct places? > > > >This is a dangerous practice from ore than one point of view: > > > >1) it may pollute the system with non-DFSG-compliant stuff > > > >2) as a both python developer and debian user and developer I DO NOT want > >software to download and run stuff without my knowledge and explicit > >consent > > It does neither; you have to explicitly be using easy_install or setup.py > to get any download-and-run behavior. > > Now, it's possible for an individual coder to write an application or > library that invokes easy_install itself, but anybody can write bad code > and that's what you have a QA process for, no?
Yes and no; malicious code of this kind gets eventually weed out _after a while_, but this is wrong by design, not to be corrected by QA process. -- mors ab alto 0x46399138 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]