On Friday, September 04, 2015 02:30:47 PM Tobias Megies wrote: > Package: ipython3 > Version: 2.3.0-2 > Severity: serious > Justification: Debian Python Policy 2.4.2: Interpreter Location > > Dear Maintainer, > > the main executable /usr/bin/ipython3 has shebang line 1 "#!/usr/bin/env > python3" and thus uses the first python3 interpreter found in $PATH doing a > dynamic lookup at execution time. > If a local user-space Python environment is coming first in $PATH it will > thus yield the Python3 IPython prompt from user space and not from the > system python. This will result in very puzzling situation and clearly is > in violation of the Debian Python Policy which demands the hardcoded system > python binary in shebang. > > See Debian Python Policy 2.4.2 Interpreter location: > https://www.debian.org/doc/packaging-manuals/python-policy/ch-> > python.html#s-interpreter_loc > > === quote start > The preferred specification for the Python interpreter is /usr/bin/python or > /usr/bin/pythonX.Y. This ensures that a Debian installation of python is > used and all dependencies on additional python modules are met. > Maintainers should not override the Debian Python interpreter using > /usr/bin/env python or /usr/bin/env pythonX.Y. This is not advisable as it > bypasses Debian's dependency checking and makes the package vulnerable to > incomplete local installations of python. > === quote end
First, Python policy is not Debian policy, so violating it doesn't automatically make a serious bug. Second, the policy says preferred and should quite deliberately as the /usr/bin/env approach is quite common in the Python world and we do not want to force maintainers to patch large numbers of packages to avoid it. Scott K
signature.asc
Description: This is a digitally signed message part.
