[Distutils] Don't Use `sudo pip install` (was Re: [final version?] PEP 513…)

Glyph Lefkowitz glyph at twistedmatrix.com
Wed Feb 17 08:58:04 EST 2016


> On Feb 16, 2016, at 6:22 PM, Noah Kantrowitz <noah at coderanger.net> wrote:
> 
> I'm not concerned with if the module is importable specifically, but I am concerned with where the files will live overall. When building generic ops tooling, being unsurprising is almost always the right move and I would be surprised if supervisor installed to a custom virtualenv.

Would you not be surprised if installing supervisord upgraded e.g. `six` or `setuptools` and broke apport? or lsb_release? or dnf?  This type of version conflict is of course rare, but it is always possible, and every 'pip install' takes the system from a supported / supportable state to "???" depending on the dependencies of every other tool which may have been installed (and pip doesn't have a constraint solver for its dependencies, so you don't even know if the system gets formally broken by two explicitly conflicting requirements).

> It's a weird side effect of Python not having a great solution for "application packaging" I guess? We've got standards for web-ish applications, but not much for system services. I'm not saying I think creating an isolated "global-ish" environment would be worse, I'm saying nothing does that right now and I personally don't want to be the first because that brings a lot of pain with it :-)

What makes the web-ish stuff "standard" is just that a lot of people are doing it.  So a lot of people should start doing this, and then it will also be a standard :-).

I can tell you that on systems where I've done this sort of thing, it has surprised no-one that I'm aware of and I have not had any issues to speak of.  So I think you might be overestimating the risk.

In fairness though I've never written a clear explanation anywhere of why this is desirable; it strikes me as obvious but it is clearly not the present best-practice, which means somebody needs to do some thought-leadering.  So I owe you a blog post.

-glyph
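
Added example, not part of the original message or of pip: a small model of the failure described above, where an install that satisfies only the new package's requirements overwrites a shared library in the system site-packages and silently breaks a tool already there. The package names `distro-tool` and `new-service`, and every version pin, are constructed for illustration.

```python
import re

# Constructed sample data: names and version pins are illustrative only.
SYSTEM_SITE_PACKAGES = {"six": "1.9.0", "setuptools": "18.0"}
DECLARED_REQUIREMENTS = {
    "distro-tool": ["six<1.10", "setuptools>=18.0"],  # hypothetical OS-shipped tool
}
# (name, its requirements, versions the install writes into site-packages)
NEW_SERVICE = ("new-service", ["six>=1.10"], {"six": "1.10.0"})

_OPS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}
_REQ = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|!=|>=|<=|>|<)\s*([0-9.]+)\s*$")


def _version(text):
    """Parse a numeric dotted version; trailing zeros dropped so 1.10 == 1.10.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def broken_requirements(installed, declared):
    """Return (tool, requirement, installed_version) for every unmet requirement."""
    broken = []
    for tool, reqs in sorted(declared.items()):
        for req in reqs:
            name, op, wanted = _REQ.match(req).groups()
            have = installed.get(name)
            if have is None or not _OPS[op](_version(have), _version(wanted)):
                broken.append((tool, req, have))
    return broken


def install_without_solver(installed, declared, new_install):
    """Model an install that checks only the new package's own requirements."""
    tool, reqs, pulled_in = new_install
    after = {**installed, **pulled_in}  # shared packages are overwritten in place
    return after, {**declared, tool: reqs}


if __name__ == "__main__":
    print("before:", broken_requirements(SYSTEM_SITE_PACKAGES, DECLARED_REQUIREMENTS))
    after, declared = install_without_solver(
        SYSTEM_SITE_PACKAGES, DECLARED_REQUIREMENTS, NEW_SERVICE)
    print("after: ", broken_requirements(after, declared))
```

Run against separate `installed` dictionaries per tool (one per virtualenv), the same audit reports nothing, because the upgrade never touches the copy the other tool depends on.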
