Re: [Distutils] Don't Use `sudo pip install´ (was Re: [final version?] PEP 513…)

Wed, 17 Feb 2016 19:10:18 -0800 

> On Feb 17, 2016, at 5:58 AM, Glyph Lefkowitz <gl...@twistedmatrix.com> wrote:
> 
> 
>> On Feb 16, 2016, at 6:22 PM, Noah Kantrowitz <n...@coderanger.net> wrote:
>> 
>> I'm not concerned with if the module is importable specifically, but I am 
>> concerned with where the files will live overall. When building generic ops 
>> tooling, being unsurprising is almost always the right move and I would be 
>> surprised if supervisor installed to a custom virtualenv.
> 
> Would you not be surprised if installing supervisord upgraded e.g. `six´ or 
> `setuptools´ and broke apport? or lsb_release? or dnf?  This type of version 
> conflict is of course rare, but it is always possible, and every 'pip 
> install' takes the system from a supported / supportable state to "???" 
> depending on the dependencies of every other tool which may have been 
> installed (and pip doesn't have a constraint solver for its dependencies, so 
> you don't even know if the system gets formally broken by two explicitly 
> conflicting requirements).
> 
>> It's a weird side effect of Python not having a great solution for 
>> "application packaging" I guess? We've got standards for web-ish 
>> applications, but not much for system services. I'm not saying I think 
>> creating an isolated "global-ish" environment would be worse, I'm saying 
>> nothing does that right now and I personally don't want to be the first 
>> because that bring a lot of pain with it :-)
> 
> What makes the web-ish stuff "standard" is just that a lot of people are 
> doing it.  So a lot of people should start doing this, and then it will also 
> be a standard :-).
> 
> I can tell you that on systems where I've done this sort of thing, it has 
> surprised no-one that I'm aware of and I have not had any issues to speak of. 
>  So I think you might be overestimating the risk.
> 
> In fairness though I've never written a clear explanation anywhere of why 
> this is desirable; it strikes me as obvious but it is clearly not the present 
> best-practice, which means somebody needs to do some thought-leadering.  So I 
> owe you a blog post.

Saying it's a good idea and we should move towards it is fine and I agree, but 
that isn't grounds to remove the ability to do things the current way. So you 
can warn people off from global installs but until there is at least some 
community awareness of this other way to do things we can't remove support 
entirely. It's going to be a very slow deprecation process.

--Noah

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Reply via email to