[Python-modules-team] Bug#771794: Bug#771794: Bug#771794: pip silently removes/updates system provided python packages

Donald Stufft donald at stufft.io
Tue Dec 2 17:37:40 UTC 2014

> On Dec 2, 2014, at 12:25 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 12/02/2014 11:51 AM, Donald Stufft wrote:
>> I'd very much prefer it if you didn't do this. This *is* going to break things
>> for people and it's going to cause a bunch of confusion. 
> It's not clear to me which side you're arguing for.  can you clarify
> which action is going to break things for people and cause a bunch of
> confusion?
> If pip silently removes/updates system-provided python packages, that is
> likely to break things and cause a bunch of confusion, no?
> alternately, if pip verbosely refuses to run as uid 0, that's at least a
> non-silent failure. (though it certainly will break things and frustrate
> some people)
> 	--dkg

I’m saying don’t make the change. There are major software systems that
rely on the ability to install things as root using pip. Chef, puppet, etc.

It’s also going to cause a bunch of confusion because all of a sudden pip
is going to have a vastly different behavior if it’s running on Debian vs
if it’s running somewhere else. That’s going to blow back on us (the pip
maintainers) as we get bug reports from people who assume we broke their
use cases for pip.

We (pip maintainers) recognize this can cause issues and we’d like to 
arrive a solution that solves this issue without introducing major divergence
between various platforms and with respect towards the use cases that
need or require that ability. It’s somewhat of a thorny problems to do it
correctly, we’re a fairly small team with limited time, and we have bigger
issues of concern that have taken a front seat.

Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the Python-modules-team mailing list