Hacker News
by magnetometer 199 days ago
Python wheels don't run arbitrary code on install, but source distributions do. And you can upload both to PyPI. So you would have to run

pip install <package> --only-binary :all:

to only install wheels and fail otherwise.

1 comment

Fair point -- I was only thinking wheels, but you are right.

Would source distributions work as a vector for automated propagation, though? If I'm not mistaken, there's no universal standard for building from source distributions.
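An added example, not part of the thread: a small audit that takes the release files listed for each pinned dependency and reports where `--only-binary :all:` would make pip fail and where, without the flag, a source build is still reachable. The project names and file lists are constructed, and the check ignores whether a wheel's Python tag matches the host, which is a simplifying assumption.

```python
"""Audit release file lists for exposure to install-time source builds."""

SDIST_SUFFIXES = (".tar.gz", ".tgz", ".tar.bz2", ".zip")

def parse_wheel(filename):
    """Return (python_tag, abi_tag, platform_tag), or None if not a wheel name."""
    if not filename.endswith(".whl"):
        return None
    # name-version[-build]-python-abi-platform.whl
    parts = filename[:-4].split("-")
    if len(parts) not in (5, 6):  # the optional build tag makes six fields
        return None
    return tuple(parts[-3:])

def audit(files_by_project):
    """Map each project to (status, has_sdist).

    sdist-only      : no wheel; --only-binary :all: makes pip fail here
    universal-wheel : a none/any wheel exists, so no build is needed
    platform-wheels : only platform-specific wheels; on a host with no
                      matching wheel pip falls back to the sdist unless
                      --only-binary :all: is set
    """
    report = {}
    for project, files in files_by_project.items():
        wheels = [tags for tags in map(parse_wheel, files) if tags]
        has_sdist = any(f.endswith(SDIST_SUFFIXES) for f in files)
        if not wheels:
            status = "sdist-only" if has_sdist else "no-files"
        elif any(abi == "none" and plat == "any" for _, abi, plat in wheels):
            status = "universal-wheel"
        else:
            status = "platform-wheels"
        report[project] = (status, has_sdist)
    return report

# Constructed sample data (hypothetical projects, not real index contents).
SAMPLE = {
    "examplepkg": ["examplepkg-1.0-py3-none-any.whl", "examplepkg-1.0.tar.gz"],
    "nativepkg": ["nativepkg-2.1-cp312-cp312-manylinux_2_17_x86_64.whl",
                  "nativepkg-2.1.tar.gz"],
    "legacy-tool": ["legacy_tool-0.3.tar.gz"],
    "wheelonly": ["wheelonly-4.0-1-py3-none-any.whl"],
}

if __name__ == "__main__":
    for project, (status, has_sdist) in audit(SAMPLE).items():
        print(f"{project:12} {status:16} sdist published: {has_sdist}")
```
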