[Catalog-sig] Use user-specific site-packages by default?

[Nick Coghlan]

Something that caught my attention in the recent security discussions
is the observation that one of the most common insecure practices in
the Python community is to run "sudo pip" with unsigned packages
(sometimes on untrusted networks).

To my mind, this is a natural reaction to the user experience of pip:
you run "pip install package", it complains it can't write to the
system site packages directory, so you run "sudo pip install package"
to give it the permissions it clearly wants.

If pip used the user site packages by default (when running as anyone
other than root), that dangerous UI flow wouldn't happen. Even when
pip was run outside a virtualenv, it would "just work" from the users
perspective. It also has the advantage of keeping systems cleaner by
default, since there will be a clear separation between system
packages and pip-installed packages.

Thoughts?

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia