El Sun, 11 Aug 2024 07:28:08 +0000 Edward Toroshchyn <edward.toroshchyn@xxxxx> escribió: > All, > > I would like to defend Python a little bit here. > > On Sunday, August 11th, 2024 at 02:48, David C. Rankin > <drankinatty@xxxxxxxxx> wrote: > > I hate that insecure python software supply-chain. > > In my opinion, it is the responsibility of the system administrator > to avoid installing software other than by using the package manager. > Using `pip install` is only one such installation method; one could > have also just unpacked an archive into /usr/bin, or created their > own shell script there -- all with the same result, but none of the > Python's fault. > > Arguably, Python should not even offer this option. However, at the > time Python was created, this was pretty much normal behaviour (e.g. > Perl and Tex package managers would eagerly install packages > globally), and removing it now would probably be extremely tedious. > However, Python already improves on that by allowing to mark an > environment as "externally managed"[1], which is what the error > message is about. > > Finally, if you would like to find all files that are not installed > by Pacman, consider trying lostfiles[2]. > > Best regards, > -- > Edward > > [1] https://packaging.python.org/en/latest/specifications/externally-managed-environments/#externally-managed-environments > [2] https://archlinux.org/packages/extra/any/lostfiles/ I don't like python too much, but in this case Edward Toroshchyn is right. Normally I only install python packages with pacman when they are dependencies of antoher program. When it's a isolate Python applications I use the wonderful virtual enviorement of Python. The correct way is to create a virtual enviorment in a user space create the variables in a .bashrc o whatever you use like shell. I recommend pipx for all that because is a very power tool.
