[Python-Dev] 3.5 release schedule PEP
Mike Miller
python-dev at mgmiller.net
Wed Sep 24 23:19:10 CEST 2014
Paul Moore wrote:
>> One thing that I presume would be an issue. Isn't Program Files protected in
>> newer versions of Windows?
Yes, that's the feature that protects from malicious users/code editing "import
os" to run "format c:\", spam your address book, or look for credit card
numbers, etc.
It is the same on Mac and other Unix systems, even Windows since Vista came out,
almost 10 years ago.
>
> This is my main concern. Until pip install --user is the default
> (or the fallback if there are no write permissions on the destination),
>> real-life experience, certainly. But I would suggest carefully checking before
>> making the switch.
Windows users know how to elevate now, especially developer types.
It should be billed as a "feature for your protection" not something to be
feared. Microsoft decided security was worth the pain of changing over its
billions of users. Why not Python?
In my experience pip --user works just fine also. We use it on our unmanned
media players successfully.
We also write Windows services, which run under a system account, where it is
imperative everything is running from a secure file system.
> A good reason to decide early on a change like this,
> or at least to promote it as an option in 3.5 and make it the default in 3.6.
It's already an option! It always has been --> Custom install. I can't
remember a time when it didn't work perfectly.
-Mike
More information about the Python-Dev
mailing list