[Python-modules-team] Bug#771794: pip silently removes/updates system provided python packages
Matthias Klose
doko at debian.org
Tue Dec 2 13:49:27 UTC 2014
Package: python-pip
Version: 1.5.6-3
Severity: serious
Tags: sid jessie
pip currently silently removes/updates system provided python packages when used
on the system python. This is only seen when a user calls pip with
administrator rights, but it makes debian python packages somehow useless.
Upstream is aware of the issue. With distutils and setuptools patched to
install into safe locations in the distro, it is unfortunate that the next tool
adds such features, and doesn't even warn the user.
For jessie I suggest to just disable pip when used on the system python, unless
a new option --yes-i-want-to-screw-up-my-system-python is given.
More information about the Python-modules-team
mailing list