Something that caught my attention in the recent security discussions is the observation that one of the most common insecure practices in the Python community is to run "sudo pip" with unsigned packages (sometimes on untrusted networks).
To my mind, this is a natural reaction to the user experience of pip: you run "pip install package", it complains it can't write to the system site packages directory, so you run "sudo pip install package" to give it the permissions it clearly wants. If pip used the user site packages by default (when running as anyone other than root), that dangerous UI flow wouldn't happen. Even when pip was run outside a virtualenv, it would "just work" from the users perspective. It also has the advantage of keeping systems cleaner by default, since there will be a clear separation between system packages and pip-installed packages. Thoughts? Regards, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
