Issue 8561: Install .exes generated with distutils to not do a CRC check (original) (raw)

During network transit, .exe generated with distutils may become corrupted. The part of the file that is a binary executable is small compared to the full package typically, so it is possible for the installer to run and lay down bad files. It would be nice if the setup program ran a CRC check on itself before running.

Thanks for the report. I think this is not specific to .exe installers, but an issue that may happen with any kind of download. PyPI publishes MD5 checksums of distributions, which should be checked by tools that download distributions. distutils2 does, and I’m sure other tools like pip are doing the same thing. Does that address your concern?