
Django debates user tracking

Django debates user tracking

Posted Dec 1, 2016 4:09 UTC (Thu) by distinguishedcorgi (guest, #100058)
Parent article: Django debates user tracking

> Since Django is shipped with Debian

I don't understand why GNU/Linux distributions ship Python libraries at all. Rather than being installed globally to the system, Python libraries should be packaged with the application in a virtualenv and managed with pip, Python's package manager. I'm not sure who is benefiting from Debian packaging Django -- as far as I can tell it does not make things easier for developers; they likely work on multiple projects with dependencies on different versions of these libraries.



Django debates user tracking

Posted Dec 1, 2016 4:30 UTC (Thu) by pabs (subscriber, #43278) [Link]

Django debates user tracking

Posted Dec 1, 2016 19:28 UTC (Thu) by Felix (guest, #36445) [Link]

> I don't understand why GNU/Linux distributions ship Python libraries at all.

Well, it might be trivial to install some python-only library if you are using a virtualenv anyway. However, I'm really glad that Fedora ships things like numpy, opencv, PyQt/PySide readily available. Also simplejson gets regular (security) updates which are too easy to miss if you just set up a virtualenv and leave it there.

Basically package managers like dnf/apt do a *way* better job than pip (with regards to keeping the system up-to-date). Oh, and they also ensure that you can actually trust the packages you installed. This is part of the reason why I really would like to see some combination of rpm/dnf (or deb/apt if they get there first) and virtualenv.

Django debates user tracking

Posted Dec 2, 2016 21:59 UTC (Fri) by mstone_ (subscriber, #66309) [Link]

ah, yes, the user-friendly automatic network based "install-and-never-ever-update-ever-again" model. it does have some down sides.

and it really blows for installing stuff on machines with limited network connectivity.

Django debates user tracking

Posted Dec 3, 2016 12:15 UTC (Sat) by valhalla (guest, #56634) [Link]

It may not make things easier for the developers, but surely it does make things much easier for the people (sysadmins, devops, whatever) who have to keep the project up and running and hopefully with a minimum amount of known vulnerabilities.

Also, it makes developers more confident that their machine is not running code from untrusted sources which could take control of it.

Or, if you want to read me ranting more in detail: https://www.trueelena.org/computers/articles/candy_from_s...

Django debates user tracking

Posted Dec 7, 2016 8:30 UTC (Wed) by debacle (subscriber, #7114) [Link]

I disagree completely. I never would want to have any libraries or tools installed by pip, gem, elpa, npm, and what not. My main reasons are:
  • I always want to have an overview of currently installed software. I want to be able to add, remove, upgrade packages. This is the case when I use one tool for all packages (here: apt), not when I have directories cluttered by different language-specific tools.
  • I more or less trust my distribution (here: Debian), that it makes sure the software has a free license, works with my system, is compatible with the rest of it, etc. In my experience as a packager, I know that not all upstreams take license issues seriously.
  • Most relevant here: I trust my distribution (here: Debian), that they would disable any "home phoning", even if upstream would have it enabled.

