id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1582	zetuptoolz delenda est	davidsarah	somebody	"We need to stop using setuptools, for the following reasons:

 * it frequently downloads, builds, installs, and/or runs the wrong code
 * it frequently gives incorrect, misleading, or insufficient information about what it is doing
 * it operates in a way that is incompatible with many OS packaging practices
 * its behaviour when downloading dependencies is easily exploitable; I don't know of any way to use it securely
 * its implementation is too complex to understand
 * we have needed to maintain a fork in order to partially, and with limited success, mitigate these problems
 * the bugs and design flaws that cause the above problems are not shallow, and it's unlikely that they're going to be fixed any time soon, because it is also poorly maintained.

Dealing with the effects of setuptools' problems on Tahoe-LAFS has inconvenienced users on many occasions and wasted a huge amount of core developer time. This ticket is to find, or to design and implement, an alternative."	defect	closed	major	1.11.0	packaging	1.9.0b1	fixed	setuptools review-needed	vladimir@…