Phillip J. Eby wrote: > At 06:09 PM 8/11/2005 -0500, Ian Bicking wrote: > >> I think from a make-people-feel-comfortable perspective, it might be >> better if ez_setup informed the user of what it's doing (installing a >> build dependency) and get a confirmation. For instance, it can be >> disconcerting to do something that shouldn't require any privilege >> (e.g., setup.py --help-commands) and end up triggering something that >> does require privilege (global installation of a package). Just an >> "I'm going to do this; OK?" question would be reassuring. > > > But then, how do you do that in such a way that an automated > installation process (other than EasyInstall) won't hang? > > I suppose I could have the download function display a message followed > by a countdown timer that would allow you to abort by hitting ^C. That > way, an unattended process or lazy user (or slow reader :) could just > proceed without needing to do anything. > > The only problem I see with that is that drawing the user's attention to > something that 99% of the time is going to be okay seems like a bad > idea. It's like "WARNING: I'm about to do something exactly like what > you'd do yourself by hand!"
Hopefully setuptools won't get installed 99% of the time, just once or twice per machine. Because setuptools installation can happen even when nothing installation-related is being requested, it's a bit out of the norm. Hence the confirmation, or at least prominent notification. I also, like most unix users, don't usually start by running a command as root, so ez_setup will fail in that situation. At least by putting up the interactive message it's not going to be as surprising when that happens. >> But other layers of consistency are possible. For instance, for a >> package to be "trusted" by PyPI (on some level), maybe an email >> confirmation of substantive package updates would be required (like >> new releases, new versions of files, etc). This is just another >> consistency check -- make sure that the person on the other end of the >> registered email address approves what the person with the login >> account is doing (of course usually those are the same person). > > > At the very least, sending them emails about stuff that's happening > would ensure they find out their account has been hacked. Assuming the > address is still valid, of course, which isn't always the case. :( Until you start getting phishing emails trying to pretend that your account is hacked. Ah, life on the internet... ): -- Ian Bicking / [EMAIL PROTECTED] / http://blog.ianbicking.org _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
