this post was submitted on 11 Jan 2025

53 points (93.4% liked)

Python

6598 readers

40 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

📅 Events

Past

November 2023

PyCon Ireland 2023, 11-12th
PyData Tel Aviv 2023 14th

October 2023

PyConES Canarias 2023, 6-8th
DjangoCon US 2023, 16-20th (!django 💬)

July 2023

PyDelhi Meetup, 2nd
PyCon Israel, 4-5th
DFW Pythoneers, 6th
Django Girls Abraka, 6-7th
SciPy 2023 10-16th, Austin
IndyPy, 11th
Leipzig Python User Group, 11th
Austin Python, 12th
EuroPython 2023, 17-23rd
Austin Python: Evening of Coding, 18th
PyHEP.dev 2023 - "Python in HEP" Developer's Workshop, 25th

August 2023

PyLadies Dublin, 15th
EuroSciPy 2023, 14-18th

September 2023

PyData Amsterdam, 14-16th
PyCon UK, 22nd - 25th

🐍 Python project:

💓 Python Community:

#python IRC for general questions
#python-dev IRC for CPython developers
PySlackers Slack channel
Python Discord server
Python Weekly newsletters
Mailing lists
Forum

✨ Python Ecosystem:

🌌 Fediverse

Communities

#python on Mastodon
c/django on programming.dev
c/pythorhead on lemmy.dbzer0.com

Projects

Pythörhead: a Python library for interacting with Lemmy
Plemmy: a Python package for accessing the Lemmy API
pylemmy pylemmy enables simple access to Lemmy's API with Python
mastodon.py, a Python wrapper for the Mastodon API

Feeds

founded 2 years ago

MODERATORS

erlingur@programming.dev

jnovinger@programming.dev

norambna@programming.dev

53

Yes, you should use a Python venv in a container like docker (www.bitecode.dev)

submitted 3 weeks ago by norambna@programming.dev to c/python@programming.dev

42 comments fedilink hide all child comments

via https://framapiaf.org/@bitecode/113810446556732210

you are viewing a single comment's thread
view the rest of the comments

[–] eager_eagle@lemmy.world 3 points 3 weeks ago (2 children)

You still have the option to choose not to use a venv and risk breaking your user space.

The changes make this harder to do it by accident by encouraging use of a venv. Part of the problem is that pip install --user is not exactly in the user space and may in fact break system packages, and as you wrote, the user shouldn't be able to inadvertently change the OS.

[–] wewbull@feddit.uk 2 points 3 weeks ago* (last edited 3 weeks ago)

So the problem here is that you can inject code into a system python process because they run with the user's python install location on their path.

They've fixed the wrong "root cause".

[–] taiidan@slrpnk.net 1 points 3 weeks ago

Makes more sense and I agree, especially with the apparent ease of pip install --user. But there should be no barriers when the root user is used with pip install --system.