Comment 2 for bug 1192966

Yeah, that's a good way to work around it. But I'd first like to know if we are actually vulnerable to anything before keeping this private and start dancing the whole embargoed dance. If this is not exploitable we could just wait for the setuptools fix.

Those utilities seem pretty limited in their imports, and I wonder if any of them would actually be importing a .so-powered python dep.