[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

As an user, I want to use "sudo pip install" because packages installed in /usr (or /usr/local) are accessible without having to touch PYTHONPATH: the install directory is part of the default sys.path. Steve Dower also proposed the idea of a "default virtual environment" somewhere in the $HOME

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

Maybe `sudo pip install` should: - create a chroot && mkdir --prefix - drop privileges* - pip install - chown -R root:root - mv chroot/prefix/* prefix/ In most cases, the user does not need to run the (unreviewed, unsigned) code as root; neither should they run the (unreviewed, unsigned)

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Friday, May 25, 2018, Thomas Kluyver wrote: > On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote: > > As an user, I want to use "sudo pip install" because packages > > installed in /usr (or /usr/local) are accessible without having to > > touch PYTHONPATH: the

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

For secured production applications, the user running the app should not be able to preempt system binaries or overwrite user-writeable config in $HOME. We tend to compromise on the side of developer-friendliness over secure by default. Is pip a tool for development or a tool for production

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Friday, May 25, 2018, Wes Turner wrote: > > > On Friday, May 25, 2018, Thomas Kluyver wrote: > >> On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote: >> > As an user, I want to use "sudo pip install" because packages >> > installed in /usr (or

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

> On May 25, 2018, at 12:44 PM, Thomas Kluyver wrote: > > It's more annoying for scripts - on common Linux distributions, the user > scripts location ~/.local/bin is not on PATH by default. It’s on $PATH by default in Fedora I think.-- Distutils-SIG mailing list

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On 25May2018 0911, Victor Stinner wrote: As an user, I want to use "sudo pip install" because packages installed in /usr (or /usr/local) are accessible without having to touch PYTHONPATH: the install directory is part of the default sys.path. Steve Dower also proposed the idea of a "default

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote: > As an user, I want to use "sudo pip install" because packages > installed in /usr (or /usr/local) are accessible without having to > touch PYTHONPATH: the install directory is part of the default > sys.path. This is also true for "pip

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote: > ~/.local/bin is user-writeable. If ~/.local was on PATH or by default, > it could potentially preempt/modify the behavior of system libraries > and binaries; which is a security risk. I've heard this argument before, and it doesn't stand up,

[Distutils] Re: sudo pip install: install pip files into /usr/local on Linux?

On Fri, May 25, 2018 at 1:07 PM, Thomas Kluyver wrote: > On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote: > > ~/.local/bin is user-writeable. If ~/.local was on PATH or by default, it > could potentially preempt/modify the behavior of system libraries and > binaries;