gnomewascool | 2 years ago
Interesting slides! Thanks! `pip download --no-deps` allowing arbitrary code-execution is non-obvious, and IMO broken.

aflag | 2 years ago
Even pip install allowing arbitrary code-execution is non-obvious, although perhaps not entirely broken.

capableweb | 2 years ago
Does it matter if the code-execution happens at `pip install` or `python myapp.py`? Using 3rd party libraries inevitably means you're allowing code-execution to 3rd parties, that's the point after all.