Open controversial opened 7 years ago
1) why would you have that? 2) how would it work?
Like the StaSh installer: import requests as r; exec(r.get("goo.gl/abcdef").text);
. Each repo would have code. Then the shortlink would expand to installers.pythonista.cloud/?something
, which would return a full install script.
Is the install script supplied by the library or by pythonista.cloud? Using exec
is really dangerous if you don't control every step of the process.
Also, I think it'd make more sense to have an install script that just calls the locally installed cloud
module to install libraries. If cloud
isn't already installed, the script should install cloud
first, then use it to install the other library. I know this sounds a bit complicated but I think it makes more sense, otherwise you'd just create two separate dependency installation services.
The install script just downloads and extracts the script to
site-packages
or Documents
(depending on the type of package). It
doesn’t allow execution of arbitrary code.
The install script might leverage cloud
, but I was intending them to be
separate since cloud
will have a custom dependency and caching mechanism,
and will involve a lot of behind-the-scenes voodoo. The install scripts
would be the “other way” and they’d just be for installing to
site-packages
or Documents
.
On Wed, Sep 28, 2016 at 8:43 AM Lukas Kollmer notifications@github.com wrote:
Is the install script supplies by the library or by pythonista.cloud? Using exec is really dangerous if you don't control every step of the process.
Also, I think it'd make more sense to have an install script that just calls the locally installed cloud module to install libraries. If cloud isn't already installed, the script should install cloud first, then use it to install the other library. I know this sounds a bit complicated but I think it makes more sense, otherwise you'd just create two separate dependency installation services.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pythonista-cloud/server/issues/2#issuecomment-250155590, or mute the thread https://github.com/notifications/unsubscribe-auth/AJ5Yr68H88TSxXiOUuTk_oSLU_N92jPvks5qumDwgaJpZM4KIvCA .
Each library should have an installer snippet that can be pasted to install it to
site-packages
. This would work independently from thecloud
module.