Package: python3.11 Version: 3.11.4-1 Severity: normal X-Debbugs-Cc: debian-python@lists.debian.org Control: found -1 3.11.2-6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear maintainer, the 'posix_local' scheme will unexpectedly insert "/local"s into path names if the 'base' prefix is changed to something other than '/usr': >>> import sysconfig >>> sysconfig.get_path('purelib') '/usr/local/lib/python3.11/dist-packages' >>> sysconfig.get_path('purelib', vars={'base': '/opt/mystuff'}) '/opt/mystuff/local/lib/python3.11/dist-packages' >>> sysconfig.get_path('purelib', vars={'base': './'}) 'local/lib/python3.11/dist-packages' >>> sysconfig.get_path('purelib', vars={'base': '/usr/local'}) '/usr/local/local/lib/python3.11/dist-packages' As code like the above is actually being used "in the wild" to create FHS-like directory structures in locations other than /usr, we should consider if and how we manage the implied expectation behind that code. As far as I understand the rationale behind the 'posix_local' scheme, it is supposed to prevent local installations into the dpkg-managed /usr/lib, for the reasons given in PEP-668. To that end, the scheme is arguably slightly "overpowered", as it does more than just divert 'purelib' and 'platlib' from /usr/lib. We could make sysconfig.get_path() and sysconfig.get_paths() check if 'base' or 'platbase' are overridden to something other than '/usr' before applying the 'posix_local' scheme for 'purelib' and 'platlib', respectively. This would certainly help minimize the impact of the Debian-specific posix_local scheme. Technically, it means that the posix_local scheme can no longer be expressed as a simple dict, but as far as I see it, this is just a current implementation detail and nothing promised by the sysconfig API. So while it is possible that we would violate other expectations about the behavior of get_path() along the way, I believe we would make the Debianized version of Python more compatible with other platforms and behave less surprisingly in the common use case, which I consider a Good Thing. Feel free to rebut (or second) my reasoning. :) Cheers Timo -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmS9PJgACgkQ+C8H+466 LVlrvQv/S8NjYecZVDu1ARN/DiYg5qCVdWQjpTzWhm+VSBLJ/fkcjyYNLWB+/ott H9DA0bTMsDTKn1G+VZ238Wb8Nm9Hwhx+aVQRENGKh6LR9JLDZT8RzpTQrp/4e9gM KPYaS5KcLi3vpy+9eiu0V0zFTBv5sPLy91bipQ9Cbh6it69Cv7QhUBGNkVz6ckLN 5YWqlK56z2nu2tvaedS/1LrxB7zy6axo1RPLZKKkbk12rTCaeVBSetBnYos978eu 4puSqgKdYKAskvOFo0XCKDR9msBLdKm1V907mkzVfRoh3wWX00gMz9/BplPPnkHB tavi3fqdwkunvq+a1zAn2YKX15JH31vzuTKfIB+XPVgsRuAV9y7y8X/CrMYpy7zX RGRTq8Ycg8BRRMyxIwv/TDJqpXjF6iiL5Qbt/ju7gy/pyDVyqi6VS7BNxhJhprlJ Xk8ctWYj1495hf7O0Hrn1U0q31AW8s9dGJ6ilF+VqAsDqrmsm4vp2dmURHC+0jGn KXOiI8T1 =TwPy -----END PGP SIGNATURE-----