I know. I’m glad we build our Python images from source at work.
Wrong; although one could argue that packages installed with PIP_USER set are “sort of” like a virtual environment, they really aren’t. One might also argue that those packages are installed for “the system Python”, which is partially correct, since they are, in fact, intended to be used in conjunction with the same Python executable and some of the same system-provided packages that this so-called “system Python” uses, but they do not end up in the system’s site-packages.
Says who? That sounds like a fairly arbitrary distinction to me. If I’m using the same Python version anyway, why would I need to create a virtual environment and duplicate stuff unnecessarily.
The problem is that the distro is not only preventing me from “installing into the system Python”, it also stops me from installing packages into my user site-packages. THAT is what all this noise is about.
My simple rules of hygiene I alluded to in my previous post above are as follows:
- unprivileged users have
PIP_USERset in their shell’s start-up configuration - system commands are only ever executed as a privileged user
These guarantee that my user installs NEVER pollute system packages, or break system commands built in Python for a privileged user. Yes, running some system-provided Python-based commands as a non-privileged user might break, but there I’d argue that those were not intended to be used by them; in fact, that’s one motivation behind sudo.
So, from my perspective, I wouldn’t complain if that scary flag was only needed when privileged users attempted to run pip install (which I’d never do; so, had that approach been taken, I wouldn’t even have realized this PEP existed). My issue is with the unpleasantries of this PEP being forced on those (like myself) who prefer user installs over virtual environments.
AND, make no mistake, this preference is NOT based on the storage overhead, although that’s a clear waste too, no matter how small, but the convenience of a friction-free user experience; but, I know that’s very subjective.
One the on hand, I’m stunned that people would do that. On the other hand, I’m not really surprised, since people do all kinds of weird stuff they shouldn’t. BTW, this is exactly why I predicted that this PEP’s approach to protection is unlikely to be effective.
Well, I like to think that my foolproof rules of hygiene outlined above are more akin to using provably correct loop invariants that prevent bound violations; but I’d be the first to admit that as a beginner in C a few decades ago, I probably did much worse than just letting pointers step out of bound… 