Message392887
> My biggest concern is with the bare "import _vendor_config", which I'd prefer to have restricted to a fixed location, rather than being influenced by environment variables and other options. We already have an issue with readline being imported from anywhere it can be found.
Oh, I share the same concern! Though users could already mess up Python pretty badly by shadowing/overwriting parts of it, so I didn't thought it would be that big of an issue. Is there a way to achieve this while still allowing us to do everything we want?
> Sorry for not getting to this sooner, but 5 days is really tight for such a change.
No worries. It was my fault, I should have been more attentive to the Python release timeline.
> With -S/-I, It would be great if sys.path only included packages installed as part of the OS, and not those installed by `sudo pip`. (Or `pip --user`, but that's covered).
Perhaps we could add an option to enable only vendor site schemes?
> It seems that with the current patch, pip will install into site-packages and there's no way to disable/change site-packages. Is that the case?
I mean, there is, though not as straightforward as -S/-I. I was planning on using it to build the distro entrypoint scripts, so that they only include the distro packages.
$ python -S
> site.addsitedir(sysconfig.get_path('purelib', 'vendor'))
> site.addsitedir(sysconfig.get_path('platlib', 'vendor'))
As I mentioned above, we could add a cli flag to do essentially the same. |
|
Date |
User |
Action |
Args |
2021-05-04 12:55:21 | FFY00 | set | recipients:
+ FFY00, jaraco, petr.viktorin, steve.dower, hroncok, frenzy |
2021-05-04 12:55:21 | FFY00 | set | messageid: <1620132921.12.0.908608661107.issue43976@roundup.psfhosted.org> |
2021-05-04 12:55:21 | FFY00 | link | issue43976 messages |
2021-05-04 12:55:20 | FFY00 | create | |
|