Package: python3.11
Version: 3.11.4-1
Severity: normal
X-Debbugs-Cc: debian-pyt...@lists.debian.org
Control: found -1 3.11.2-6

Dear maintainer,

the 'posix_local' scheme will unexpectedly insert "/local"s into path
names if the 'base' prefix is changed to something other than '/usr':

    >>> import sysconfig
    >>> sysconfig.get_path('purelib')
    '/usr/local/lib/python3.11/dist-packages'
    >>> sysconfig.get_path('purelib', vars={'base': '/opt/mystuff'})
    '/opt/mystuff/local/lib/python3.11/dist-packages'
    >>> sysconfig.get_path('purelib', vars={'base': './'})
    'local/lib/python3.11/dist-packages'
    >>> sysconfig.get_path('purelib', vars={'base': '/usr/local'})
    '/usr/local/local/lib/python3.11/dist-packages'

As code like the above is actually being used "in the wild" to create
FHS-like directory structures in locations other than /usr, we should
consider if and how we manage the implied expectation behind that code.

As far as I understand the rationale behind the 'posix_local' scheme, it
is supposed to prevent local installations into the dpkg-managed
/usr/lib, for the reasons given in PEP-668. To that end, the scheme is
arguably slightly "overpowered", as it does more than just divert
'purelib' and 'platlib' from /usr/lib.

We could make sysconfig.get_path() and sysconfig.get_paths() check if
'base' or 'platbase' are overridden to something other than '/usr'
before applying the 'posix_local' scheme for 'purelib' and 'platlib',
respectively. This would certainly help minimize the impact of the
Debian-specific posix_local scheme. Technically, it means that the
posix_local scheme can no longer be expressed as a simple dict, but as
far as I see it, this is just a current implementation detail and
nothing promised by the sysconfig API.

So while it is possible that we would violate other expectations about the
behavior of get_path() along the way, I believe we would make the
Debianized version of Python more compatible with other platforms and
behave less surprisingly in the common use case, which I consider a Good
Thing.

Feel free to rebut (or second) my reasoning. :)


Cheers
Timo



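A self-contained model of the check proposed in the report above, added here as an illustration; it is not code from the report, from Debian's python3.11 package or from CPython. The scheme templates are constructed (purelib is inferred from the outputs quoted in the report; platlib and the posix_prefix fallback are assumptions), and `current_get_path` and `proposed_get_path` are hypothetical names.

```python
import posixpath

PY_VERSION_SHORT = "3.11"  # interpreter version shown in the report
DPKG_PREFIX = "/usr"       # prefix whose lib directory posix_local protects

# Constructed templates: posix_local/purelib is inferred from the report's
# outputs, platlib is assumed to mirror it, posix_prefix is the assumed fallback.
SCHEMES = {
    "posix_local": {
        "purelib": "{base}/local/lib/python{v}/dist-packages",
        "platlib": "{platbase}/local/lib/python{v}/dist-packages",
    },
    "posix_prefix": {
        "purelib": "{base}/lib/python{v}/site-packages",
        "platlib": "{platbase}/lib/python{v}/site-packages",
    },
}
# The variable that anchors each path; only this one decides the scheme.
ANCHOR = {"purelib": "base", "platlib": "platbase"}


def _expand(scheme, name, overrides):
    """Fill a template with defaults plus caller overrides, then normalise."""
    values = {"base": DPKG_PREFIX, "platbase": DPKG_PREFIX, "v": PY_VERSION_SHORT}
    values.update(overrides or {})
    return posixpath.normpath(SCHEMES[scheme][name].format(**values))


def current_get_path(name, vars=None):
    """Behaviour described in the report: posix_local is applied unconditionally."""
    return _expand("posix_local", name, vars)


def proposed_get_path(name, vars=None):
    """Proposed behaviour: divert to /local only while the anchor is still /usr."""
    anchor = (vars or {}).get(ANCHOR[name], DPKG_PREFIX)
    # Normalise before comparing, so that '/usr/' or '/usr/.' does not count as
    # an override and slip past the diversion away from the dpkg-managed tree.
    overridden = posixpath.normpath(anchor) != DPKG_PREFIX
    return _expand("posix_prefix" if overridden else "posix_local", name, vars)


if __name__ == "__main__":
    for base in (None, "/opt/mystuff", "./", "/usr/local", "/usr/"):
        v = {"base": base} if base else None
        print(repr(base), current_get_path("purelib", v), proposed_get_path("purelib", v))
```

The comparison is per path: overriding only `base` leaves `platlib` under posix_local, matching the "respectively" in the proposal.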