[issue5342] packaging: add tests for old versions cleanup on update
Sergio Callegari
report at bugs.python.org
Wed Oct 16 14:30:21 CEST 2013
Sergio Callegari added the comment:
Getting bitten by this with numpy/scipy installations.
Having previous scipy installed,
pip install -I scipy
creates a broken scipy installation, because the previous one is not removed and gets overwritten. For instance, an old spectral.so file leftover hides the spectral.py file from the new installation causing broken behavior.
Similarly trying
pip uninstall scipy
pip install scipy
does the same, because the distutils uninstall does not uninstall anything, leaves the scipy directory there and all cheerful ends with a 'Successfully uninstalled scipy'.
This is *dangerous*. Mixing old and new code could lead to the weirdest behavior. In principle, one could even use this property to craft packages such that when two subsequent versions are installed one on top of the other malicious things happen even if individually each version is innocuous.
----------
nosy: +Sergio.Callegari
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5342>
_______________________________________
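
A check for the leftover-file condition described in the comment above, as an added example that is not part of the original tracker message or of pip/distutils: it walks an installed package tree and reports every module name claimed by both a compiled extension and a .py source in the same directory. The function names and the constructed "pkg/sub" layout are assumptions for illustration; only the spectral.so / spectral.py pair comes from the report.

```python
import os
import tempfile
from importlib.machinery import EXTENSION_SUFFIXES, SOURCE_SUFFIXES


def module_name(filename, suffixes):
    """Return the module name if filename ends with one of suffixes, else None."""
    # Longest suffix first, so 'x.abi3.so' maps to 'x' and not to 'x.abi3'.
    for suffix in sorted(suffixes, key=len, reverse=True):
        if filename.endswith(suffix) and len(filename) > len(suffix):
            return filename[: -len(suffix)]
    return None


def find_shadowed_sources(package_dir):
    """Return (subdir, module, extension_file, source_file) tuples where an
    extension file and a source file in one directory share a module name.
    The import system tries extension modules before source files, so the
    source file in such a pair is never loaded."""
    findings = []
    for root, _dirs, files in os.walk(package_dir):
        ext, src = {}, {}
        for name in files:
            mod = module_name(name, EXTENSION_SUFFIXES)
            if mod is not None:
                ext[mod] = name
                continue
            mod = module_name(name, SOURCE_SUFFIXES)
            if mod is not None:
                src[mod] = name
        for mod in sorted(ext.keys() & src.keys()):
            rel = os.path.relpath(root, package_dir)
            findings.append((rel, mod, ext[mod], src[mod]))
    return findings


def demo():
    """Constructed sample tree: a new spectral.py next to a stale extension."""
    with tempfile.TemporaryDirectory() as tmp:
        sub = os.path.join(tmp, "pkg", "sub")  # hypothetical package layout
        os.makedirs(sub)
        stale = "spectral" + EXTENSION_SUFFIXES[-1]  # e.g. spectral.so
        for name in ("__init__.py", "spectral.py", "windows.py", stale):
            open(os.path.join(sub, name), "w").close()
        return find_shadowed_sources(os.path.join(tmp, "pkg"))


if __name__ == "__main__":
    for finding in demo():
        print("shadowed source:", finding)
```

Running `find_shadowed_sources` against a site-packages directory after an upgrade lists the source files that a leftover extension would hide; an empty list means no such pair was found.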