this post was submitted on 11 Jan 2025
52 points (93.3% liked)
Python
6516 readers
31 users here now
Welcome to the Python community on the programming.dev Lemmy instance!
π Events
Past
November 2023
- PyCon Ireland 2023, 11-12th
- PyData Tel Aviv 2023 14th
October 2023
- PyConES Canarias 2023, 6-8th
- DjangoCon US 2023, 16-20th (!django π¬)
July 2023
- PyDelhi Meetup, 2nd
- PyCon Israel, 4-5th
- DFW Pythoneers, 6th
- Django Girls Abraka, 6-7th
- SciPy 2023 10-16th, Austin
- IndyPy, 11th
- Leipzig Python User Group, 11th
- Austin Python, 12th
- EuroPython 2023, 17-23rd
- Austin Python: Evening of Coding, 18th
- PyHEP.dev 2023 - "Python in HEP" Developer's Workshop, 25th
August 2023
- PyLadies Dublin, 15th
- EuroSciPy 2023, 14-18th
September 2023
- PyData Amsterdam, 14-16th
- PyCon UK, 22nd - 25th
π Python project:
- Python
- Documentation
- News & Blog
- Python Planet blog aggregator
π Python Community:
- #python IRC for general questions
- #python-dev IRC for CPython developers
- PySlackers Slack channel
- Python Discord server
- Python Weekly newsletters
- Mailing lists
- Forum
β¨ Python Ecosystem:
π Fediverse
Communities
- #python on Mastodon
- c/django on programming.dev
- c/pythorhead on lemmy.dbzer0.com
Projects
- PythΓΆrhead: a Python library for interacting with Lemmy
- Plemmy: a Python package for accessing the Lemmy API
- pylemmy pylemmy enables simple access to Lemmy's API with Python
- mastodon.py, a Python wrapper for the Mastodon API
Feeds
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I hate this hand-holding. Certainly use venvs for dev projects but allow system-wide installations for those that want it. OSS has always been about giving you enough rope to hang yourself.
then they come after our guns, but spoons are always magically safe
To all the fat slob system wide installation cock blocking PR submitters, i say,
Ban spoons!Shooting ourselves in the foot is a G'd given right! /nosarc
Couldn't have said it better. π
Which you can still do. That said, the "correct" and less problematic way of installing packages should be easier than the alternative.
What really annoys me is they purposely broke per-user and local installation. Fine, system wise installation isn't a good idea when it's already managed by another package manager, but user installation is my domain.
The reason they did this is because a package installed by the user can be active when a system tool is called and break the system tool. The distro developers went "Oh, we should force all user code into venvs so that our code is safe".
Completely and utterly backwards. The protected code needs to be inside the defensive wall. The user should be allowed to do anything in the knowledge that they can't inadvertently change the OS. When a system tool is called it should only have system libraries on it's Python Path.
You still have the option to choose not to use a venv and risk breaking your user space.
The changes make this harder to do it by accident by encouraging use of a venv. Part of the problem is that
pip install --useris not exactly in the user space and may in fact break system packages, and as you wrote, the user shouldn't be able to inadvertently change the OS.So the problem here is that you can inject code into a system python process because they run with the user's python install location on their path.
They've fixed the wrong "root cause".
Makes more sense and I agree, especially with the apparent ease of
pip install --user. But there should be no barriers when the root user is used withpip install --system.