
On Mon, Sep 19, 2016 at 11:35:39PM +0000, אלעזר wrote:
> Xavier, how is connecting and installing different from a Windows popup "this software requires changes to your firewall settings" or "requires elevated privileges" which already happens? I am all for a two-step process, but I think it should be more user friendly, and it can be done as a Python command from inside the script.

Installing dependencies must be a separate step from running the code. You personally might not care, but some people *do* care. They may have policies about downloading, or even legal requirements about what software they install and run, and so need to vet dependencies, not just blindly install whatever packages are required by a module.

They may need authority to install. I don't mean account privileges, I mean they may need their manager's approval. Perhaps the legal department needs to check the licence terms. Perhaps they need to pay for a licence, or get approval to spend the money on a licence. Or they may have a policy of "no unapproved software" because they are legally required to run a specific, known set of software which has been audited, not just any old rubbish they've downloaded off the internet. Or maybe they just don't trust any old rubbish available on the internet and want the choice of whether or not to install it.

I know places where it is a firing offence, with no warnings or second chances, to download and install unapproved software on work computers. Your suggestion would make it unsafe to use Python in such an environment.

(Of course any Python script *could* try to reach out to the internet to download code, but the risk of this is low. But if the Python language had a built-in command to do this, the risk would be magnified.)

> If I send you a small script, it should be treated in the same way as if I send you a program - an installer - not as code that you should incorporate into your already existing code base.

Some scripts are installers. Some scripts are not. You cannot assume that all scripts should be treated as installers.

I normally run scripts as an unprivileged user. Even if I don't trust the code, the worst that happens is limited by the privileges of that user. But installers generally require greater trust and greater privileges -- I might run them as root, or using sudo, otherwise the installation will fail.

Keeping installation and execution as separate steps is a security measure.

--
Steve