[Python-ideas] from __pip__ import

[Steven D'Aprano]

On Mon, Sep 19, 2016 at 11:35:39PM +0000, אלעזר wrote:
> Xavier, how is connecting and installing different from a windows popup
> "this software requires changes to your firewall settings" or "requires
> elevated privileges" which already happens. I am all for a two-step
> process, but I think it should be more user friendly, and it can be done as
> a Python command from inside the script.

Installing dependencies must be a separate step from running the code. 
You personally might not care, but some people *do* care. They may have 
policies about downloading, or even legal requirements about what 
software they install and run, and so need to vet dependencies, not just 
blindly install whatever packages are required by a module.

They may need authority to install. I don't mean account privileges, I 
mean they may need their manager's approval. Perhaps the legal 
department needs to check the licence terms. Perhaps they need to pay 
for a licence, or get approval to spend the money on a licence. Or they 
may have a policy of "no unapproved software" because they are legally 
required to run a specific, known set of software which has been 
audited, not just any old rubbish they've downloaded off the internet.

Or maybe they just don't trust any old rubbish available on the internet 
and want the choice of whether or not to install it.

I know places where it is a firing offence, with no warnings or second 
chances, to download and install unapproved software on work computers. 
Your suggestion would make it unsafe to use Python in such an 
environment.

(Of course any Python script *could* try to reach out to the internet to 
download code, but the risk of this is low. But if the Python language 
had a built-in command to do this, the risk would be magnified.)


> If I send you a small script, it should be treated in the same way as if I
> send you a program - an installer - not as a code that you should
> incorporate into your already existing code base.

Some scripts are installers. Some scripts are not. You cannot assume 
that all scripts should be treated as installers. I normally run scripts 
as an unprivileged user. Even if I don't trust the code, the worst that 
happens is limited by the privileges of that user. But installers 
generally require greater trust and greater privileges -- I might run 
them as root, or using sudo, otherwise the installation will fail.

Keeping installation and execution as separate steps is a security 
measure.


-- 
Steve