Author FFY00
Recipients FFY00, frenzy, hroncok, jaraco, petr.viktorin, steve.dower
Date 2021-05-04.12:55:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> My biggest concern is with the bare "import _vendor_config", which I'd prefer to have restricted to a fixed location, rather than being influenced by environment variables and other options. We already have an issue with readline being imported from anywhere it can be found.

Oh, I share the same concern! Though users could already mess up Python pretty badly by shadowing/overwriting parts of it, so I didn't thought it would be that big of an issue. Is there a way to achieve this while still allowing us to do everything we want?

> Sorry for not getting to this sooner, but 5 days is really tight for such a change.

No worries. It was my fault, I should have been more attentive to the Python release timeline.

> With -S/-I, It would be great if sys.path only included packages installed as part of the OS, and not those installed by `sudo pip`. (Or `pip --user`, but that's covered).

Perhaps we could add an option to enable only vendor site schemes?

> It seems that with the current patch, pip will install into site-packages and there's no way to disable/change site-packages. Is that the case?

I mean, there is, though not as straightforward as -S/-I. I was planning on using it to build the distro entrypoint scripts, so that they only include the distro packages.

$ python -S
> site.addsitedir(sysconfig.get_path('purelib', 'vendor'))
> site.addsitedir(sysconfig.get_path('platlib', 'vendor'))

As I mentioned above, we could add a cli flag to do essentially the same.
Date User Action Args
2021-05-04 12:55:21FFY00setrecipients: + FFY00, jaraco, petr.viktorin, steve.dower, hroncok, frenzy
2021-05-04 12:55:21FFY00setmessageid: <>
2021-05-04 12:55:21FFY00linkissue43976 messages
2021-05-04 12:55:20FFY00create