On 2023-07-05 07:13, Chris Angelico wrote:
Right; hence the question of how a "vetted Python package collection" would compare. I can type "sudo apt install python-" and add the name of a package, and I get some assurance that:
1) The package works 2) The package is useful enough 3) It's not malware 4) The specific*version* of the package works along with the versions of everything else.
In my experience this is how conda-forge is too. The level of assurance is somewhat lower, but there is still a level of assurance about all those things. For point 4, the assurance is about the version you install working with the conda environment you install it into. This is an advantage over systemwide installs like debian packages because it means you can have multiple environments and know each one is consistent. Most of the problems arise when you circumvent conda's consistency checking, for instance by installing a package with pip rather than with conda. -- Brendan Barnwell "Do not follow where the path may lead. Go, instead, where there is no path, and leave a trail." --author unknown