guysv / ilua

Portable Lua kernel for Jupyter
GNU General Public License v2.0

Moved the metadata into setup.cfg #6

KOLANICH closed this 4 years ago

guysv commented 4 years ago

Hi, thanks for the pull request, but what is the rationale behind the change? Is setup.py deprecated?

KOLANICH commented 4 years ago

I personally deprecate it :). In fact there is a deep reason why setup.cfg (2016) and pyproject.toml (2018) have been created. Metadata must not be executable. It is an obvious fact. If it is not obvious, see this: https://github.com/mschwager/0wned https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/

guysv commented 4 years ago

Oh well, in the name of security :) By the way, I see setup.py is not entirely removed, and setup.cfg is lacking the data_files field. Why's that?

KOLANICH commented 4 years ago

> I see setup.py is not entirely removed

We cannot currently fully remove it. But even if we cannot fully remove it, it is still beneficial to have the metadata in setup.cfg; it can be parsed without executing code and is easier to audit. And when we are able to fully remove it, we will have the metadata already declarative and moved.

> setup.cfg is lacking the data_files field. why's that?

You glob data files, I have not changed that, so it is still in setup.py.
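The point made in the comment above (setup.cfg can be parsed without executing code, while what stays in setup.py still has to be read), shown as an added example that is not part of the thread or of ilua's code. The sample file contents and both function names are constructed for illustration.

```python
import ast
import configparser

# Constructed sample files for illustration (not ilua's real packaging files).
SETUP_CFG = """\
[metadata]
name = example-kernel
version = 0.1.0
[options]
packages = find:
install_requires =
    jupyter_core
    pyzmq
"""
SETUP_PY = """\
import glob
from setuptools import setup
setup(data_files=[("share/jupyter/kernels/example", glob.glob("kernel/*"))])
"""

def read_declared_metadata(cfg_text):
    """Parse setup.cfg as plain INI text; no project code is executed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    meta = dict(parser["metadata"]) if parser.has_section("metadata") else {}
    requires = parser.get("options", "install_requires", fallback="")
    meta["install_requires"] = [r.strip() for r in requires.splitlines() if r.strip()]
    return meta

def audit_setup_py(source):
    """Parse (never run) setup.py: list its imports, the keywords still
    passed to setup(), and every other call an auditor has to read."""
    report = {"imports": set(), "setup_keywords": [], "other_calls": []}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            report["imports"].update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            report["imports"].add(node.module or ".")
        elif isinstance(node, ast.Call):
            name = ast.unparse(node.func)
            if name in ("setup", "setuptools.setup"):
                report["setup_keywords"] += [kw.arg or "**" for kw in node.keywords]
            else:
                report["other_calls"].append(name)
    return report

if __name__ == "__main__":
    print(read_declared_metadata(SETUP_CFG))
    print(audit_setup_py(SETUP_PY))
```

In the sample, the only executable residue reported is the `glob.glob` call feeding `data_files`; everything else is read as data.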

guysv commented 4 years ago

All right. I'll merge it. But don't expect a new release for it, as PyPI provides wheels anyway. Thanks again for the patch!

KOLANICH commented 4 years ago

> but don't expect a new release for it,

I don't use releases, I usually install packages directly from their git repos :)