|
ahmeni posted:removing pip should be grounds for losing your ability to upload packages though pip is loving terrible see also: cpan, rubygems
|
# ? Nov 7, 2015 15:25 |
|
|
# ? May 26, 2024 01:46 |
|
every python thing i've ever installed has been missing dependencies
|
# ? Nov 7, 2015 16:13 |
|
Notorious b.s.d. posted:pip is loving terrible Why's pip so bad? i like it its easy to install packages with. also when i pip install something i never have missing dependencies except for maybe gevent one time
|
# ? Nov 7, 2015 16:30 |
|
Feral Integral posted:Why's pip so bad? i like it its easy to install packages with. also when i pip install something i never have missing dependencies except for maybe gevent one time it downloads C code from the internet and compiles it with whatever it finds locally running 'pip install foo' on two very similar boxes can produce wildly different installed artifacts
|
# ? Nov 7, 2015 16:37 |
|
pip/gems/cpan are extra special fun when you want to fix security holes oh oops these systems all compiled their own local patched versions of libxml that the package system doesn't know about
|
# ? Nov 7, 2015 16:38 |
|
alternatively: wait 4 years for your package to be accepted in debian
|
# ? Nov 7, 2015 19:11 |
|
which will also have a patched libxml
|
# ? Nov 7, 2015 19:11 |
|
Notorious b.s.d. posted:it downloads C code from the internet and compiles it with whatever it finds locally lol a pedantic argument with no impact on real people? smells like bsd wankery
|
# ? Nov 7, 2015 20:43 |
|
if you just put all your python stuff in a container you dont have to worry :docker:
|
# ? Nov 7, 2015 21:07 |
|
MALE SHOEGAZE posted:if you just put all your python stuff in a container you dont have to worry :docker: if your shop uses docker you've given up on security in general so gently caress it, ship it
|
# ? Nov 8, 2015 14:45 |
|
ahmeni posted:lol a pedantic argument with no impact on real people? smells like bsd wankery this is not the first time i've been told that caring about deployment or security was "wankery"
|
# ? Nov 8, 2015 14:46 |
|
|
# ? Nov 8, 2015 18:19 |
|
Notorious b.s.d. posted:if your shop uses docker you've given up on security in general so gently caress it, ship it there's some incredible magical belief you have that once your software is in debian, it is infinitely more secure than anything else i've never managed to get you to explain where that comes from
|
# ? Nov 8, 2015 18:20 |
|
Feral Integral posted:Why's pip so bad? i like it its easy to install packages with. also when i pip install something i never have missing dependencies except for maybe gevent one time pip will also lie about uninstalls, conflate versions, and is unable to look into 2 pypi's at the same time (despite commandline flags that indicate it should be able to do that) we had to build a loving wrapper around pip to fix all the above issues lmao :devops:
|
# ? Nov 8, 2015 18:49 |
|
golang people have a fetish for containers because it's a natural outgrowth of their fetish for static linking. Debian can't stop gratuitously loving around with upstream (c.f. their OpenSSH catastrophe) and would rather be bad at three things than good at one.
|
# ? Nov 8, 2015 19:15 |
|
Mr Dog posted:golang people have a fetish for containers because it's a natural outgrowth of their fetish for static linking. Debian can't stop gratuitously loving around with upstream (c.f. their OpenSSH catastrophe) and would rather be bad at three things than good at one. its because docker is written in golang and golang people fetishize software based on if it's written in golang or not and not because it's software that works well or is a good idea
|
# ? Nov 9, 2015 00:12 |
|
btw elastic beanstalk now supports go
|
# ? Nov 9, 2015 00:22 |
|
Cocoa Crispies posted:its because docker is written in golang and golang people fetishize software based on if it's written in golang or not and not because it's software that works well or is a good idea lol https://medium.com/google-cloud/my-ide-in-a-container-49d4f177de
|
# ? Nov 9, 2015 00:38 |
|
Suspicious Dish posted:there's some incredible magical belief you have that once your software is in debian, it is infinitely more secure than anything else i want your software to be in the package system i want a central manifest of everything installed on the box, so i can do simple things like find and replace vulnerable shared objects without wondering about hundreds others hiding in arbitrary paths now, that said, it's even better when software versions are managed by the OS vendor, because then i don't have to do any planning around searching or replacing, it will just happen automatically when the system is updated.
|
# ? Nov 9, 2015 00:54 |
|
also re: docker, a lesson none of the loving "container" flavors of the week learned from solaris was patching on solaris, the host system knew of the contents of all of its containers' package systems, regardless of the 'guest' OS revision. so you could still get system-wide vulnerability reports and handle patching at the host level, instead of dicking around with god knows how many zones
|
# ? Nov 9, 2015 00:58 |
|
omfg, let's just fetishize terrible poo poo on top of terrible poo poo why don't we? as soon as someone under the age of 40 says they use vi for anything other than convenience/ubiquity, their opinions are extremely suspect
|
# ? Nov 9, 2015 04:28 |
|
Notorious b.s.d. posted:also re: docker, a lesson none of the loving "container" flavors of the week learned from solaris was patching why the hell even use a system like docker instead of a full on hypervisor or virtual machine if you're not going to have that level of integration? there are good reasons Darwin sandboxing works the way it does, and it also doesn't pretend to be either a hypervisor or a virtual machine
|
# ? Nov 9, 2015 04:32 |
|
2015 year of docker on the desktop
|
# ? Nov 9, 2015 04:33 |
|
Notorious b.s.d. posted:i want your software to be in the package system i guess my question is why you trust the OS vendor to patch and update third-party software better than the software vendor.
|
# ? Nov 9, 2015 04:36 |
|
i've been considering making a tiny vm in kvm on my existing home server, which would have nothing but openvpn (always on) and dante socks proxy so that I could selectively push socks-capable apps on my home network through my vpn. i am aware this is a blunt tool for the job but i cbf messing around with routing rules. could docker, terrible as you make it sound, be a way of achieving same with less overhead than a dedicated vm?
|
# ? Nov 9, 2015 04:47 |
|
docker isnt terrible, and yes https://hub.docker.com/r/kylemanna/openvpn/ https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04?utm_source=githubreadme
|
# ? Nov 9, 2015 04:56 |
|
pram posted:docker isnt terrible, and yes excellent, thanks. also i wasn't clear, i meant i just want to run openvpn *client* in the vm or container
|
# ? Nov 9, 2015 05:05 |
|
Notorious b.s.d. posted:i want your software to be in the package system this is why I despise any online instructions that require the use of pip, maven, cpan, etc just show me where to download the source code
|
# ? Nov 9, 2015 05:25 |
|
Suspicious Dish posted:i guess my question is why you trust the OS vendor to patch and update third-party software better than the software vendor. I only trust the software vendor to care about their software, not all the other software on my system working on a large system with lots of inter-dependencies, I know what a pain it is to manage them, but frankly the OS vendor has way more incentive to not ship a libwhatever that has a know CVE than a particular software vendor (and to also do so without breaking bincompat) also, being in the package system != from the software vendor, you can add a PPA for (say) your own integration team to manage dependencies, which I suspect is what someone like nBSD would do when faced with this issue
|
# ? Nov 9, 2015 08:21 |
|
celeron 300a posted:pip, maven, cpan, etc one of these things is not like the others
|
# ? Nov 9, 2015 12:43 |
|
I looked into scl as first mentioned by MrMoo itt but scl is kind of roundabout with the sourcing the context and poo poo so I decided to just go with epel and... well compiling python 3 from source sounds absurd and overkill but welp it really seems like the more straightforward solution for now
|
# ? Nov 9, 2015 13:37 |
|
which centos? 5 or 6, i cant blame redhat, but i was unhappy that python3 is not included in the default install of 7,s ince it's included in the fedora that rhel7 is based on speaking of which the default install of ubuntu server 15.10 does not include python2, and things are looking good for omitting py2 from the default desktop installs for 16.04 LTS
|
# ? Nov 9, 2015 13:50 |
|
Python is neo perl
|
# ? Nov 9, 2015 17:40 |
|
nah python 3 is actually usable, and used, in the real world, for real things, in a way perl 6 will likely never be
|
# ? Nov 9, 2015 18:58 |
|
python is at least pretty opinionated about what level of control the developer has over the language. perl goes to great lengths to let the programmer do whatever the hell they want.
|
# ? Nov 9, 2015 19:01 |
|
perl rules if you just want portable / saner bash. please do not write your application in it, though.
|
# ? Nov 9, 2015 19:48 |
|
Notorious b.s.d. posted:i want your software to be in the package system we could have had this ages ago, and we probably still will get it... eventually. I think the problem is distro devs who have an irrational hatred for "bundling". I mean, the kind of thing you mention is a solution to concerns about bundling, but you see, if we attempt to build the infrastructure to support such a thing, those drat users might use it to do bundling!! this always struck me as a real-world equivalent of "spider? burn the house down!" and I think it's had a disastrous effect on linux in general.
|
# ? Nov 9, 2015 22:40 |
|
juju bundles lol
|
# ? Nov 9, 2015 23:39 |
|
eschaton posted:omfg, let's just fetishize terrible poo poo on top of terrible poo poo why don't we? vim rules, sorry bout whatever series of lovely life events left you so broken
|
# ? Nov 10, 2015 00:01 |
|
|
# ? May 26, 2024 01:46 |
|
Lysidas posted:the fedora that rhel7 is based on red hat is based on fedora, really?
|
# ? Nov 10, 2015 00:59 |