Re: Python 2 to 3 conversion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andras Simon wrote:
> Le mar. 19 nov. 2024, 16:16, Todd Zullinger <tmz@xxxxxxxxx> a écrit :
> 
>> [...]
>>
>> ¹ I'm sure many people swear by pip, but I think it's barely
>>   better than running `curl ... | bash` to install things,
>>   which I consider to be a bad practice.
> 
> I agree, but is there a better way when something is not
> packaged for Fedora (other than packaging it, and all its
> dependencies for Fedora)?

Short of packaging things, running it in a container is a
mild improvement.  It's still a hideous thing to do and if
you're going to run the software more than once or twice,
packaging it properly is worth the effort.  But for a quick
one-off, I could stomach running pip inside a container.

My bias comes from looking at things as a sysadmin rather
than a developer.  So I place more importance on having a
solid, auditable, reproducible system than on getting
library X, Y, and Z installed quickly so I can prototype
some new feature for a product manager.

I'm the one who will be paged late at night if things break,
so I do everything I can to block folks from using quick and
dirty methods to push code to systems I must then maintain.

I also think the security of pip (or any of the other
language-specific install tools) leaves a lot to be desired,
compared to installations from a trusted distro repository
where things are signed and build logs are available.  Short
of directly auditing and building all code yourself, the
distro repos are so much better than pip install will ever
be.

> Maybe a script that would check which dependencies of a
> random Python package are dnf installable would help to
> some extent; then one could use --system-site-packages
> when creating a virtual environment in which pip is used
> to minimize the number of pip installations.  Of course,
> one can do this by hand, too.

I _think_ that pip from Fedora may do this already (though it
might only pick up dependency which are already installed at
the system level)? 

I'm not sure and have never looked into it, because I start
from the premise that if it's worth installing on my system,
it's going to have to be packaged properly (as an rpm or deb
or whatever system I'm using).

-- 
Todd

Attachment: signature.asc
Description: PGP signature

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux