On Wed, Mar 18, 2015 at 2:56 PM, Barry Warsaw <barry@python.org> wrote:
On Mar 18, 2015, at 02:44 PM, Toshio Kuratomi wrote:
Interesting, I've cautiously in favor of -s in Fedora but the more I've thought about it the less I've liked -E. It just seems like PYTHONPATH is analagous to LD_LIBRARY_PATH for C programs and PATH for shell scripting. We leave both of those for local admins and users to affect the behaviour of programs if they needed to.
It is, and it isn't. It's different because you can always explicitly override the shebang line if needed. So if a local admin really needed to override $PYTHONPATH (though I can't come up with a use case right now), they could just:
$ python3 -s /usr/bin/foo
I could see that as a difference. However, the environment variables give users the ability to change things globally whereas overriding the shebang line is case-by-case so it's not a complete replacement of the functionality. LD_LIBRARY_PATH can be used for things like logging all calls to a specific function, applying a bugfix to a library when you don't have root on the box, evaluating how a potential replacement for a system library will affect the whole system, and other things that are supposed to affect a large number of the files on the OS. PYTHONPATH can be used for the same purposes as long as -E is not embedded into the shebang lines. (I suppose you could write a "python" wrapper script that discards -E... but you'd need root on the box to install your wrapper [since system packages are encouraged to use the full path to python rather than env python] and the change would affect everyone on the box rather than just the person setting the env var). Using -E by default for all system applications would prevent that. The benefit of -E is that it isolates the effects of PYTHONPATH to only specific programs. However, that benefit doesn't seem as striking as it first appears (or at least, as it first appeared to me :-). Unix env vars have their own method of isolation: if the env var is marked for export then it is sent to child processes. If it is not marked for export then it only affects the current process. So it seems like -E isn't adding something new; it's just protecting users from themselves. That seems contrary to "consenting adults" (although distributions are separate entities from python-dev ;-). What makes -s different from -E? If you think about it in the context of users being able to set PYTHONPATH to add libraries that can override system packages then I think specifying -s for system packages establishes a default behaviour: The user can override the defaults but only if they change the environment. Without -s, this expectation is violated for libraries in the user site directory. With -s, the user would have to add the user site directory to PYTHONPATH if they want the libraries there to override system packages. So I guess I'm still leaning towards -E being the wrong choice for Fedora but Fedora lives within a broader ecosystem of python-providing distributions. So I'm interested in seeing whether Debian thought about these aspects when they decided on using -E or if that would change anyone's minds and also what other distributions think about adding -s and/or -E to their packaged applications' shebang lines. -Toshio