As an user, I want to use "sudo pip install" because packages
installed in /usr (or /usr/local) are accessible without having to
touch PYTHONPATH: the install directory is part of the default
sys.path.
Steve Dower also proposed the idea of a "default virtual environment"
somewhere in the $HOME
Maybe `sudo pip install` should:
- create a chroot && mkdir --prefix
- drop privileges*
- pip install
- chown -R root:root
- mv chroot/prefix/* prefix/
In most cases, the user does not need to run the (unreviewed, unsigned)
code as root; neither should they run the (unreviewed, unsigned)
On Friday, May 25, 2018, Thomas Kluyver wrote:
> On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote:
> > As an user, I want to use "sudo pip install" because packages
> > installed in /usr (or /usr/local) are accessible without having to
> > touch PYTHONPATH: the
For secured production applications, the user running the app should not be
able to preempt system binaries or overwrite user-writeable config in $HOME.
We tend to compromise on the side of developer-friendliness over secure by
default.
Is pip a tool for development or a tool for production
On Friday, May 25, 2018, Wes Turner wrote:
>
>
> On Friday, May 25, 2018, Thomas Kluyver wrote:
>
>> On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote:
>> > As an user, I want to use "sudo pip install" because packages
>> > installed in /usr (or
> On May 25, 2018, at 12:44 PM, Thomas Kluyver wrote:
>
> It's more annoying for scripts - on common Linux distributions, the user
> scripts location ~/.local/bin is not on PATH by default.
It’s on $PATH by default in Fedora I think.--
Distutils-SIG mailing list
On 25May2018 0911, Victor Stinner wrote:
As an user, I want to use "sudo pip install" because packages
installed in /usr (or /usr/local) are accessible without having to
touch PYTHONPATH: the install directory is part of the default
sys.path.
Steve Dower also proposed the idea of a "default
On Fri, May 25, 2018, at 5:11 PM, Victor Stinner wrote:
> As an user, I want to use "sudo pip install" because packages
> installed in /usr (or /usr/local) are accessible without having to
> touch PYTHONPATH: the install directory is part of the default
> sys.path.
This is also true for "pip
On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote:
> ~/.local/bin is user-writeable. If ~/.local was on PATH or by default,
> it could potentially preempt/modify the behavior of system libraries
> and binaries; which is a security risk.
I've heard this argument before, and it doesn't stand up,
On Fri, May 25, 2018 at 1:07 PM, Thomas Kluyver
wrote:
> On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote:
>
> ~/.local/bin is user-writeable. If ~/.local was on PATH or by default, it
> could potentially preempt/modify the behavior of system libraries and
> binaries;
10 matches
Mail list logo