Terry J. Reedy added the comment:

Upendra: you own the code you are writing.  Are you willing to create and 
maintain for some time a PyPI project?

If so, Nick, Donald, or someone should be willing and able to help.  If you do 
so, please make someone a backup co-owner, to make it less likely that it 
becomes an orphan project.

It would be silly to tell beginners that they must learn to use a console to 
run pip to install pipgui so they can avoid using a console to run pip.  If we 
go this route, I could, at least as a backup, have the IDLE menu event handler 
conditionally offer to install pipgui.  See msg269252 of #23551.

A separate 'ensurepipgui' doesn't seem necessary to me.  Once pip is known to 
be installed, it can be used to install pipgui.  Once pipgui exists, ensurepip 
should just install it as its last step.  Nick, what do you think?

One concern I have is that installing pipgui from PyPI seems more of a security 
risk than pre-installing it.  Before committing to idlelib, I would review it 
before testing on my own machine.  Any further changes would have to be by a 
core developer, and would be published on Python-checkins for anyone to review. 
 The latter does not happen for external projects.  (Upendra, please don't take 
offense from this.  Donald is a core developer with a long history, including 
with security issues.  You aren't.  And I have not much experience with 
security issues either.)

Another issue with pip and pipgui is that PyPI is apparently vulnerable to 
typosquatting attacks, see
http://arstechnica.co.uk/security/2016/06/german-student-university-of-hamburg-typosquatting-attack/
I believe beginners are more susceptible to mistyping package names. The above 
report makes me realize that installing from a stored requirements list is a 
good idea, and think that pipgui, at least when run from IDLE, should install 
from a whitelist, (in idlelib, for IDLE?).  Some instructors might require this 
or want to add or subtract names.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27051>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
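
The whitelist idea raised in the comment above, sketched as an added example (not code from the thread, pipgui, or idlelib): a typed package name is installed only if it is on an approved list, and a near-miss is turned into a suggestion instead of being sent to PyPI. The list contents and the names `ALLOWLIST`, `check_request` and `pip_command` are assumptions made for illustration.

```python
import difflib
import re
import sys

# Constructed sample list (assumption): names an instructor has approved.
ALLOWLIST = {"requests", "numpy", "matplotlib", "pillow", "python-dateutil"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_request(name, allowlist=ALLOWLIST, cutoff=0.8):
    """Classify a user-typed name as install / suggest / reject.

    Returns (decision, detail). Only an exact match after normalization
    is installable; a close match is reported so the GUI can ask
    "did you mean ...?" rather than fetch a possibly squatted name.
    """
    approved = {normalize(n): n for n in allowlist}
    key = normalize(name.strip())
    # Reject anything that is not a bare project name (options, URLs, spaces).
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", key):
        return ("reject", "not a plain project name")
    if key in approved:
        return ("install", approved[key])
    near = difflib.get_close_matches(key, list(approved), n=1, cutoff=cutoff)
    if near:
        return ("suggest", approved[near[0]])
    return ("reject", "not on the approved list")

def pip_command(name, allowlist=ALLOWLIST):
    """Build the pip argv from the list's own spelling, never the typed text."""
    decision, detail = check_request(name, allowlist)
    if decision != "install":
        raise ValueError(f"{name!r}: {decision} ({detail})")
    return [sys.executable, "-m", "pip", "install", detail]

if __name__ == "__main__":
    for typed in ["Requests", "reqeusts", "Python_Dateutil", "leftpad-xyz"]:
        print(f"{typed!r:20} -> {check_request(typed)}")
```

An instructor who wants to add or subtract names would only change the approved set; the command that reaches pip is always built from that set.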