[Python-Dev] 3.5 release schedule PEP

Mike Miller python-dev at mgmiller.net
Wed Sep 24 23:19:10 CEST 2014

Paul Moore wrote:
>> One thing that I presume would be an issue. Isn't Program Files protected in
>> newer versions of Windows?

Yes, that's the feature that protects from malicious users/code editing "import 
os" to run "format c:\", spam your address book, or look for credit card 
numbers, etc.

It is the same on Mac and other Unix systems, even Windows since Vista came out, 
almost 10 years ago.

> This is my main concern. Until pip install --user is the default
> (or the fallback if there are no write permissions on the destination),
>> real-life experience, certainly. But I would suggest carefully checking before
>> making the switch.

Windows users know how to elevate now, especially developer types.

It should be billed as a "feature for your protection" not something to be 
feared.  Microsoft decided security was worth the pain of changing over its 
billions of users.  Why not Python?

In my experience pip --user works just fine also.  We use it on our unmanned 
media players successfully.

We also write Windows services, which run under a system account, where it is 
imperative everything is running from a secure file system.

> A good reason to decide early on a change like this,
 > or at least to promote it as an option in 3.5 and make it the default in 3.6.

It's already an option!  It always has been --> Custom install.  I can't 
remember a time when it didn't work perfectly.


More information about the Python-Dev mailing list