[Python-Dev] 3.5 release schedule PEP
python-dev at mgmiller.net
Wed Sep 24 23:19:10 CEST 2014
Paul Moore wrote:
>> One thing that I presume would be an issue. Isn't Program Files protected in
>> newer versions of Windows?
Yes, that's the feature that protects from malicious users/code editing "import
os" to run "format c:\", spam your address book, or look for credit card
It is the same on Mac and other Unix systems, even Windows since Vista came out,
almost 10 years ago.
> This is my main concern. Until pip install --user is the default
> (or the fallback if there are no write permissions on the destination),
>> real-life experience, certainly. But I would suggest carefully checking before
>> making the switch.
Windows users know how to elevate now, especially developer types.
It should be billed as a "feature for your protection" not something to be
feared. Microsoft decided security was worth the pain of changing over its
billions of users. Why not Python?
In my experience pip --user works just fine also. We use it on our unmanned
media players successfully.
We also write Windows services, which run under a system account, where it is
imperative everything is running from a secure file system.
> A good reason to decide early on a change like this,
> or at least to promote it as an option in 3.5 and make it the default in 3.6.
It's already an option! It always has been --> Custom install. I can't
remember a time when it didn't work perfectly.
More information about the Python-Dev