
For secured production applications, the user running the app should not be able to preempt system binaries or overwrite user-writeable config in $HOME.

We tend to compromise on the side of developer-friendliness over secure by default.

Is pip a tool for development or a tool for production deployments?

Pip is definitely a tool for development. There are lots of packaging systems for production deployments which can handle e.g. file permissions and modifying /etc config.

Pip is sometimes a tool used for production deployment.

On Friday, May 25, 2018, Thomas Kluyver <thomas@kluyver.me.uk> wrote:
On Fri, May 25, 2018, at 6:58 PM, Wes Turner wrote:
~/.local/bin is user-writeable. If ~/.local was on PATH or by default, it could potentially preempt/modify the behavior of system libraries and binaries; which is a security risk.
I've heard this argument before, and it doesn't stand up, because files like .profile and .bashrc are user writable, and you can use those to add a directory to PATH (among many other things). You may be able to come up with some corner case where it's possible to modify ~/.local/bin but not ~/.profile, but it's pretty clear that this is a post-hoc rationalisation, not a real reason.
It's like that, I strongly suspect, just because that's how it's been forever, and the people who are inconvenienced by it know how to work around it.
Thomas
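
An added example, not part of the thread or of pip: a Python audit that lists commands in a user-writable PATH directory that take precedence over same-named commands in a non-writable directory, and reports which of the startup files named above (.profile, .bashrc) the user can also rewrite. The function names and the injectable writability check are assumptions of this example.

```python
import os
import stat

def executables(directory):
    """Names of regular files in `directory` with any execute bit set."""
    found = set()
    try:
        names = os.listdir(directory)
    except OSError:
        return found
    for name in names:
        try:
            mode = os.stat(os.path.join(directory, name)).st_mode
        except OSError:
            continue  # dangling symlink or unreadable entry
        if stat.S_ISREG(mode) and mode & 0o111:
            found.add(name)
    return found

def can_write(path):
    """Default writability check: can the current user write to `path`?"""
    return os.access(path, os.W_OK)

def find_shadowing(path_dirs, is_writable=can_write):
    """List (command, writable_dir, shadowed_dir) where a user-writable PATH
    entry provides a command ahead of a non-writable entry with the same name."""
    winner, findings = {}, []  # winner: command -> (first dir providing it, writable?)
    for d in path_dirs:
        if not d or not os.path.isdir(d):
            continue  # skips missing dirs and empty entries (current directory)
        writable = is_writable(d)
        for cmd in sorted(executables(d)):
            if cmd not in winner:
                winner[cmd] = (d, writable)
            elif winner[cmd][1] and not writable:
                findings.append((cmd, winner[cmd][0], d))
    return findings

def writable_startup_files(home, names=(".profile", ".bashrc"), is_writable=can_write):
    """Startup files named in the thread that the user can rewrite to change PATH."""
    return [n for n in names
            if os.path.isfile(os.path.join(home, n)) and is_writable(os.path.join(home, n))]

if __name__ == "__main__":
    for cmd, user_dir, sys_dir in find_shadowing(os.environ.get("PATH", "").split(os.pathsep)):
        print(f"{cmd}: {user_dir} takes precedence over {sys_dir}")
    print("writable startup files:", writable_startup_files(os.path.expanduser("~")))
```

Run as the account that executes the application; an empty first list means no user-writable PATH entry currently wins over a protected one.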