diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2014-02-09 16:09:01 -0500 |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2014-02-09 16:09:01 -0500 |
| commit | 4c7aaccacb0a756f45862826025bfdd579195d1e (patch) | |
| tree | c2dbfb3db43ed2aa148e0d7ee961c47506e249ee /CHANGES.txt | |
| parent | 875393f610a867ae7258d673c1cf5638e253eff4 (diff) | |
| download | python-setuptools-git-4c7aaccacb0a756f45862826025bfdd579195d1e.tar.gz | |
Use zip files rather than tar files for source distributions of setuptools itself. Fixes #7 for users of Python 2.7.4 and later.
Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 8200b99a..3fcff3a9 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -14,6 +14,10 @@ CHANGES handled properly at runtime. In 2.x it was possible to get away without including the declaration, but only at the cost of forcing namespace packages to be imported early, which 3.0 no longer does. +* Issue #7: Setuptools itself is now distributed as a zipfile instead of a + tarball. This approach avoids the potential security vulnerabilities + presented by use of tar files. It also leverages the security features added + to ZipFile.extract in Python 2.7.4. --- 2.3 |