On Tue, Feb 5, 2013 at 7:57 PM, Giovanni Bajo <ra...@develer.com> wrote: > One meta-question: does this mailing-list have any "authority" over pip? Are > there any pip maintainers here? Because I see that pip development being done > on different channels, so I was wondering what is the workflow to discuss > such modifications.
It's a handy place to get feedback before I post a suggestion to the pip issue tracker, plus catalog-sig has a nice audience of pip *users* as well as developers. As MAL rightly pointed out, the "(when running as anyone other than root)" part of my suggestion is seriously flawed, and I wasn't clear that I didn't want to alter pip's default behaviour when run inside a virtualenv. So, to clarify, the behaviour I would *like* to see pip exhibiting is for the default install location to *change*, rather than trying to install to the system packages directory and then implicitly falling back to the user directory if that fails. Instead, installing to the system site-packages would require an explicit "--system" flag. Desired final behaviour: Inside a virtual environment: pip install pkg: works as now pip uninstall pkg: works as now Ordinary user (no write-access to system site packages): pip install pkg: installs to per-user site packages pip uninstall pkg: uninstalls from per-user site packages pip install --user pkg: installs to per-user site packages pip uninstall --user pkg: uninstalls from per-user site packages pip install --system pkg: fails (likely with a permissions error) pip uninstall --system pkg: fails, even if the package is present (likely with a permissions error) Administrator/root (write-access to system site packages): pip install pkg: asks for confirmation before installing to per-user site packages pip uninstall pkg: asks for confirmation before uninstalling from per-user site packages pip install --user pkg: installs to per-user site packages pip uninstall --user pkg: uninstalls from per-user site packages pip install --system pkg: install to system site packages pip uninstall --system pkg: uninstalls from site packages Confirmation message: "Warning: the current user has write access to the system site-packages directory, but '--system' was not specified. Proceed with installation to/uninstallation from the user package directory at 'path/to/user/dir'? (y/n)" Transition: For ordinary users, the transitional release would print out a warning before proceeding with the installation to the per-user site packages For admin users, the transitional release would print out a warning to start passing "--system", as the behaviour of *not* passing that flag is going to change in the next release Consequences: - the harmful "Cannot write to <blah>" -> "Hit it with the sudo hammer" behaviour is eliminated - user packages are hidden from scripts executed as root, even if the execution of that script neglected the -SE flags - users may encounter the situation where a server process (e.g. mod_wsgi in a local Apache instance) won't be able to see packages in their user directory. This provides an opportunity to nudge them towards virtualenv I see this as very similar to the "install for everyone, or just for me" model used by modern Windows installers, and the default should be "just for me", with "install for everyone" needing to be explicitly requested. It is by no means a comprehensive security solution, but neither is it meant to be (that's what SELinux is for). It is merely an early line of defence that aims to avoid getting users into the habit of running pip with elevated privileges. Regards, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig