[Distutils] PEP 453 Round 2 - Explicit bootstrapping of pip in Python installations

Antoine Pitrou antoine at python.org
Mon Sep 16 13:57:34 CEST 2013


Nick Coghlan <ncoghlan <at> gmail.com> writes:
> Well, people shouldn't be running getpip manually very often in the first
> place.
> The one thing I do *not* want to preclude is security improvements in
> maintenance releases. Those *may* require visible CLI changes (e.g. a flag
> to opt in to signature checking).
> End users should then get the enhanced security automatically most of the
> time (as the installers and pyvenv pass in the flag), while direct
> invocations will remain unaltered (as they *won't* pass the new flag).

I definitely agree with this :)

> (although, to be honest, while I don't work for the Platform team, it wouldn't
> surprise me if Red Hat still left pip and getpip out of RHEL and only included
> it in Red Hat Software Collections, regardless of what our recommendations
> say).

Yes, I suppose Debian may make the same choice. Distributions like their
"minimal" packages :)

Regards

Antoine.



