> Hello, I think we can let pip just break as other distros (eg: ArchLinux > and Debian) with PEP-668. > > https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED > https://pythonspeed.com/articles/externally-managed-environment-pep-668/ > https://peps.python.org/pep-0668/#recommendations-for-distros > > With usage guide towards virtual environments, guix shell, or pipx > (not packaged yet). > > Consider other distros does the same thing, this should be safer. > > What do you think? 🤔 You're right, making pip break and recommend pipx seems like the right thing to do. I opened a new issue with patches that add python-pipx (haven't done anything related to the 'EXTERNALLY-MANAGED' file yet, tho). Thanks, Wojtek -- (sig_start) website: https://koszko.org/koszko.html fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A follow me on Fediverse: https://friendica.me/profile/koszko/profile ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ== ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8= -- (sig_end) On Sat, 22 Jul 2023 08:30:04 +0800 宋文武 wrote: > Wojtek Kosior writes: > > > Python applications used to prioritize loading their libraries from so-called > > "user site dir" (usually in ~/.local/lib/python/site-packages). The > > libraries would only be loaded from /gnu/store when not found in the user site > > dir. This used to cause hard-to-diagnose bugs like [1] when a user happened to > > have a similar but incompatible version of a library installed via pip. > > > > These patches modify the python-build-system's procedure responsible for > > wrapping executables. The modified proc defines a PYTHONNOUSERSITE variable > > which makes Python applications disregard the user site dir when loading > > libraries. > > > > While this solution does harden most Python applications, it can also break a > > few ones like pip that operate on the user site dir itself. To work around > > that, the second patch introduces a change to pip to allow installing to the > > user site directory even when PYTHONNOUSERSITE is set by the Guix-created > > wrapper script. > > Hello, I think we can let pip just break as other distros (eg: ArchLinux > and Debian) with PEP-668. > > https://gitlab.archlinux.org/archlinux/packaging/packages/python/-/blob/main/EXTERNALLY-MANAGED > https://pythonspeed.com/articles/externally-managed-environment-pep-668/ > https://peps.python.org/pep-0668/#recommendations-for-distros > > With usage guide towards virtual environments, guix shell, or pipx > (not packaged yet). > > Consider other distros does the same thing, this should be safer. > > What do you think? 🤔