[RFE] Isolate yourself from the system Python #3407

Closed
dstufft opened this issue May 14, 2018 · 4 comments

Comments


dstufft commented May 14, 2018

Feature request

Description

As I understand it, SecureDrop is currently installing all of its dependencies into the system Python. This is generally considered a poor practice for reasons such as the system providing outdated or otherwise incompatible versions of libraries that you depend on. However, attempting to actually update those libraries that the system provides tends to have a cascading failure effect where you end up further breaking your system because other items installed by the distribution rely on that older version.

Furthermore, the newly installed version is not known to the system package manager, so they will often step on each other's toes, overwriting files so that you end up with the old version the next time the system publishes a patched version of that library.

My recommendation would be to isolate yourself using a virtual environment. If you're currently building or using system packages, then something like dh-virtualenv can be used to help marry the virtual environment with the system packaging tools. This will let you gain the isolation from virtualenv while still using the system tooling (including things like depending on system C libraries, etc).
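The failure mode described above (a pip-installed copy and a distro-managed copy of the same library both present in one interpreter, with whichever is earlier on `sys.path` winning) can be checked for directly. The following script is an added example written for this page, not code from SecureDrop or from the commenter; it assumes the Debian/Ubuntu layout where dpkg-owned modules live under `/usr/lib/python3/dist-packages` and `sudo pip install` writes to `/usr/local/lib/python3.X/dist-packages`, and the sample records are constructed, not taken from a real host. It also shows the one-line test for whether you are inside a virtualenv at all.

```python
"""Find Python distributions that exist both as a distro (apt/dpkg) copy and as a
pip-installed copy in the same interpreter, and report which copy wins the import."""
import re
import sys
from importlib import metadata

# Debian/Ubuntu layout (assumption; other distributions use different paths):
# dpkg-owned modules live under /usr/lib/python3/dist-packages, while
# `sudo pip install` on the system interpreter writes to /usr/local/lib/python3.X/dist-packages.
DISTRO_PREFIX = "/usr/lib/python3/dist-packages"
PIP_PREFIX = "/usr/local/lib/python3"


def normalize(name):
    """PEP 503 project-name normalisation so 'Cryptography' and 'cryptography' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def origin(location):
    """Who owns a copy of a distribution, judged by where its files were installed."""
    if location.startswith(DISTRO_PREFIX):
        return "distro"
    if location.startswith(PIP_PREFIX):
        return "pip"
    return "other"


def find_shadowed(records, search_path):
    """records: iterable of (name, version, install_location), e.g. from live_records().
    search_path: the interpreter's sys.path (or a stand-in for it).

    Returns {normalized_name: [(origin, version, location), ...]} for every distribution
    that has both a distro-managed and a pip-managed copy, with the copy that currently
    wins the import (earliest on search_path) listed first."""
    copies = {}
    for name, version, location in records:
        copies.setdefault(normalize(name), []).append((origin(location), version, location))

    def rank(location):
        # Position of the first search_path entry that contains this install location;
        # lower rank means Python finds this copy first.
        for i, entry in enumerate(search_path):
            if entry and location.startswith(entry):
                return i
        return len(search_path)

    shadowed = {}
    for name, found in copies.items():
        owners = {o for o, _, _ in found}
        if {"distro", "pip"} <= owners:
            shadowed[name] = sorted(found, key=lambda c: rank(c[2]))
    return shadowed


def live_records():
    """Yield (name, version, location) for every distribution visible to this interpreter."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version, str(dist.locate_file(""))


def in_virtualenv():
    """True when running inside a venv/virtualenv (sys.prefix differs from the base interpreter)."""
    return sys.prefix != sys.base_prefix


# Constructed sample (not from any real host): a box where someone ran
# `sudo pip install -U cryptography` on top of the distro-packaged copy.
SAMPLE_PATH = ["/usr/local/lib/python3.10/dist-packages", "/usr/lib/python3/dist-packages"]
SAMPLE_RECORDS = [
    ("cryptography", "3.4.8", "/usr/lib/python3/dist-packages"),
    ("Cryptography", "41.0.7", "/usr/local/lib/python3.10/dist-packages"),
    ("six", "1.16.0", "/usr/lib/python3/dist-packages"),
    ("requests", "2.31.0", "/usr/local/lib/python3.10/dist-packages"),
]

if __name__ == "__main__":
    print("isolated from system Python:", in_virtualenv())
    if "--sample" in sys.argv:
        report = find_shadowed(SAMPLE_RECORDS, SAMPLE_PATH)
    else:
        report = find_shadowed(live_records(), sys.path)
    for name, found in report.items():
        winner = found[0]
        losers = ", ".join(f"{o} {v}" for o, v, _ in found[1:])
        print(f"{name}: {winner[0]} copy {winner[1]} wins over {losers}")
```

Run with `--sample` to see the constructed case, or without arguments against the live interpreter (`sudo /usr/bin/python3 script.py` on the system Python). A non-empty report means the next apt security update of that library may silently lose to, or be clobbered by, the pip copy; an application built with dh-virtualenv avoids the situation because its dependencies never land in either system path.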

@ghost ghost added the feature label May 14, 2018

ghost commented May 14, 2018

IMHO this is an interesting topic which would make a great forum topic


doko42 commented May 15, 2018

"the system providing outdated or otherwise incompatible versions of libraries"

make that "stable and security supported, and being tested in the system environment", and I can agree with that.

But yes, the practice of replacing components installed with the system package manager (apt, rpm, ...) is terribly wrong, breaking either the system-installed components or your pip-installed app when updating the system components.


msheiny commented May 15, 2018

@dstufft thank you for making this ticket. I believe this issue highly aligns with the first point brought up in #3095, which was:

the current strategy allowing deployed securedrop instances to directly grab the latest updates from upstream ubuntu repos [...] has the possibility to break the system in un-foreseen ways.

dh-virtualenv in particular seems like an interesting tool for us to investigate 👀


redshiftzero commented Aug 1, 2019

as of #4355 (PR #4622) we are using dh-virtualenv, closing
