Comment by magnetometer

Comment by magnetometer 5 days ago

1 reply

View on Hacker News

Python wheels don't run arbitrary code on install, but source distributions do. And you can upload both to pypy. So you would have to run

pip install <package> --only-binary :all:

to only install wheels and fail otherwise.

Balinares 2 days ago

Fair point -- I was only thinking wheels, but you are right.

Would source distributions work as a vector for automated propagation, though? If I'm not mistaken, there's no universal standard for building from source distributions.

Reply View 0 replies