Hi Stefano, On Mon, Jan 26, 2015 at 05:12:42AM +0200, Stefano Rivera wrote: > I don't think I consider this bug to be RC. Debian packages have > declared dependencies on other Debian packages. Replacing one with > something newer from upstream, is quite likely to break things.
Thanks for responding. I do understand your reasoning behind not considering the bug for jessie. For the sake of documenting this bug better, I probably should have explained my reasoning a bit clearer. I'm afraid that the impact of the bug, particularly on upgrades, is likely to be pretty widespread: * On wheezy, if someone installs requests to system site-packages, pip will work fine. After an upgrade to jessie, pip is broken and cannot be fixed without rm-ing the appropriate directory (pip uninstall won't work, either). * As far as I'm aware, vendorizing (and on Debian, de-vendorizing) is new with the version of pip included with jessie, so the behavior that installing a different requests version (or some other devendorized library, such as colorama) can permanently break pip is new. * The default option is to install system-wide (i.e. --user is not implicit for non root, #725848), and site-packages installs are still very common, especially when one desires to have a Python binary packaged on PyPI installed system-wide. It's very easy for a user to back themselves into a corner, especially given that once requests has been installed, there is no easy or obvious way to fix pip. I wonder whether such a change should at least be documented in the release notes, even if we can't address it because of the freeze? > "sudo pip" on a Debian box is dangerous, don't do that, and rather use > virtualenvs, if you need to go off the beaten track. I agree with this, but I'm afraid that it's still a very common practice. It's not hard to find articles advising users to run `pip` as root, and I suspect that such recommendations will be the first result when an unsuspecting user searches pip errors on Google. Thanks and happy Monday, Chris _______________________________________________ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
