For secured production applications, the user running the app should not be able to preempt system binaries or overwrite user-writeable config in $HOME.
We tend to compromise on the side of developer-friendliness over secure by default.

Is pip a tool for development or a tool for production deployments?

Pip is definitely a tool for development. There are lots of packaging systems for production deployments which can handle e.g. file permissions and modifying /etc config.

Pip is sometimes a tool used for production deployment.

On Friday, May 25, 2018, Thomas Kluyver <tho...@kluyver.me.uk> wrote:

> On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote:
>
> ~/.local/bin is user-writeable. If ~/.local was on PATH or by default, it
> could potentially preempt/modify the behavior of system libraries and
> binaries; which is a security risk.
>
>
> I've heard this argument before, and it doesn't stand up, because files
> like .profile and .bashrc are user writable, and you can use those to add a
> directory to PATH (among many other things). You may be able to come up
> with some corner case where it's possible to modify ~/.local/bin but not
> ~/.profile, but it's pretty clear that this is a post-hoc rationalisation,
> not a real reason.
>
> It's like that, I strongly suspect, just because that's how it's been
> forever, and the people who are inconvenienced by it know how to work
> around it.
>
> Thomas
>
--
Distutils-SIG mailing list
distutils-sig@python.org
https://mail.python.org/mm3/mailman3/lists/distutils-sig.python.org/
Message archived at https://mail.python.org/mm3/archives/list/distutils-sig@python.org/message/YDTCJJHIZWP3S6SMHQJ5YARUT5I3FW4Z/
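
The condition debated in this thread, a user-writable directory that comes before system directories on PATH, can be checked mechanically. The following is an added example, not code from the thread or from pip; the function name `path_shadow_audit` is hypothetical and the directory layout in `demo()` is constructed for illustration.

```python
import os
import tempfile

def path_shadow_audit(path_value, writable=lambda d: os.access(d, os.W_OK)):
    """Audit a PATH string.

    Returns (writable_dirs, shadows). shadows lists (name, winning_dir,
    shadowed_dir) where an executable in a writable directory is resolved
    before a same-named executable later on PATH.
    """
    writable_dirs, shadows, seen = [], [], {}
    # Empty PATH entries (meaning the current directory) are skipped here.
    for d in (e for e in path_value.split(os.pathsep) if e):
        if not os.path.isdir(d):
            continue
        is_writable = writable(d)
        if is_writable and d not in writable_dirs:
            writable_dirs.append(d)
        for name in sorted(os.listdir(d)):
            full = os.path.join(d, name)
            if not (os.path.isfile(full) and os.access(full, os.X_OK)):
                continue
            if name not in seen:
                seen[name] = (d, is_writable)   # first hit wins, as in a shell
            elif seen[name][1] and seen[name][0] != d:
                shadows.append((name, seen[name][0], d))
    return writable_dirs, shadows

def demo():
    # Constructed layout: user_bin stands in for ~/.local/bin, sys_bin for /usr/bin.
    root = tempfile.mkdtemp()
    user_bin, sys_bin = os.path.join(root, "user_bin"), os.path.join(root, "sys_bin")
    for d, names in ((user_bin, ["python3"]), (sys_bin, ["python3", "ls"])):
        os.makedirs(d)
        for n in names:
            p = os.path.join(d, n)
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(p, 0o755)
    only_user = lambda d: d == user_bin         # treat only user_bin as writable
    first = path_shadow_audit(os.pathsep.join([user_bin, sys_bin]), only_user)
    last = path_shadow_audit(os.pathsep.join([sys_bin, user_bin]), only_user)
    return user_bin, sys_bin, first, last

if __name__ == "__main__":
    dirs, shadows = path_shadow_audit(os.environ.get("PATH", ""))
    print("writable PATH entries:", dirs)
    for name, winner, loser in shadows:
        print(f"{name}: {winner} takes precedence over {loser}")
```

With the writable directory first on PATH the audit reports `python3` as shadowed; with it last, the directory is still listed as writable but nothing is shadowed.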