For a source package based on setup tools, setup.py is executed with a minimal environment and can run arbitrary code.
You can (and should!) tell pip not to do this with '--only-binary=:all:'. Building from source is a lousy default.
alt Hacker News
You can (and should!) tell pip not to do this with '--only-binary=:all:'. Building from source is a lousy default.