Yours,
Abdur-Rahmaan Janhangeer
pythonmembers.club <http://www.pythonmembers.club/> | github <https://github.com/Abdur-rahmaanJ>
Mauritius

On Mon, Jan 6, 2020 at 11:53 PM Chris Angelico <ros...@gmail.com> wrote:

> On Tue, Jan 7, 2020 at 6:37 AM Abdur-Rahmaan Janhangeer
> <arj.pyt...@gmail.com> wrote:
>
> Where is this directory? What if it already contains content?

It's sometimes typical for extracted zips to be in temporary folders. If we
are including wheels, maybe we can have a permanent folder for extracting the
wheels, and the interpreter looks for those in it.

> Are you proposing that *any* zipapp archive is capable of downloading
> arbitrary code from the internet and then running it, without any
> prompting from the user?

Exactly the opposite: the archive bundler includes all that has to be
included so that the app runner does not have to do it. Proposing to include pa

If we are talking about the scenario where malware is already lying in wait
in the packages folder, then it's the same as malware entering the
interpreter's site-packages.

If we are talking about malicious code in a package that gets called when
running the zipapp without a prompt, then that's the same issue as with all
executables (like apps built with pyinstaller). If ever we want to mitigate
that risk, it depends on whether we trust the sender. That's also where the
proposed security features come into play.