[Python-ideas] from __pip__ import
Paul Moore
p.f.moore at gmail.com
Tue Sep 20 11:09:23 EDT 2016
On 20 September 2016 at 13:58, Random832 <random832 at fastmail.com> wrote:
> On Tue, Sep 20, 2016, at 07:12, אלעזר wrote:
>> Moreover, being able to do it programmatically is a security risk,
>> since it requires elevated privileges that I don't know how to drop,
>> and most people will not think about doing, but a library
>> implementation will.
>
> Maybe we should be thinking about why pip requires elevated privileges.
I'm not sure to what extent this was a rhetorical question, but
basically because, by default pip installs into the Python
installation directory, and if the user is running a system Python,
that directory is only modifiable by an admin.
You can use --user to make pip install into the user's site-packages.
But that's not the default, and the proposal didn't discuss supplying
any non-default options to pip. Pip could be changed to make the
default --user, but that's not happened yet (and there are some
compatibility issues holding it up). And even ignoring that, what
about *other* pip options that might be needed (for example,
specifying a proxy, or a non-default certificate store)? There's no
capability to specify them in the proposal.
Paul.
More information about the Python-ideas
mailing list