> On Fri, Oct 30, 2009 at 6:24 PM, Chris Withers <[email protected]> > wrote: >> I think "python setup.py install" is so idiomatic that it seems silly to >> break it for the sake of two lines of python.
Ok. Well, I've been experimenting with "python -m setup install" and I'm sure that I can get it to do the right thing. "python -m setup install", thanks to George, is my new answer to life, universe and packaging. > This may well have been a reasonable choice at the time it was made > over a decade ago (and yes, I was there, discussing distutils with > Greg Ward during the birthing, so you can probably even lay some of > the blame at my feet). Don't be so harsh on yourself. setup.py has served a lot of people extremely well. It's only a minor change to go to "python -m setup install". It's pretty much a way of preserving the setup.py but executing it in a more 'secure' manner. > I worry more about having to review someone else's ad-hoc setup.py, > usually under deadline pressure, especially given how many variations > there are. Doing the conversions is going to be the interesting part. I'm already tossing around ways I can run a legacy 'python setup.py install' and then compare it with a 'python -m setup install' In most cases, you'd hope that they'd be the same. Fortunately, there's not a shortage of packages on pypi that can be used as test data. Moving setup.py from the package into stdlib, isn't such a big change. I'm sure many security type people would be comfortable with this approach. David _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
