From: Chris Angelico
Date: Sat, 2 Aug 2014 09:48:16 +1000
Subject: Re: Python and IDEs [was Re: Python 3 is killing Python]
Cc: "python-list@python.org"
Newsgroups: comp.lang.python

On Sat, Aug 2, 2014 at 6:22 AM, Michael Torrie wrote:
> On 08/01/2014 08:39 AM, Chris Angelico wrote:
>> The installer has basically three choices.
>> 1) Install libnettle inside the application directory
>> 2) Install libnettle to some system library directory
>> 3) Don't install libnettle, and demand that someone else (perhaps the
>> user, or the system package manager) install it.
>>
>> Option 1 results in duplications. (Unless one application is allowed
>> to access a library in another application's directory, which is a
>> HORRIBLE mess.) Option 2 is exactly what you're complaining about,
>> scattering files all over the FS. And option 3 is what package
>> managers are for. What are you advocating?
>
> Option 1 also is a huge security hole. A prime example of this was the
> so-called heartbleed bug. In such a model, each app that distributes
> openssl in the app bundle has to be updated or it is at risk. This
> turns out to be a huge vulnerability.

More generally, that's exactly what Steven said about needing every
package to update before you can confidently say it's updated. But
that's also the greatest feature of the first option: you can't break
this application by upgrading that library, because only upgrading the
application (which hopefully will have been tested by the author) will
upgrade the library it uses.

ChrisA
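Added example, not part of the original message or of any project mentioned in it: a sketch of how the duplication under option 1 can be inventoried, listing which application directories ship a private copy of a library and how many distinct builds would need separate updates. The directory layout, the function names and the `libnettle.so*` pattern are assumptions, and the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def find_bundled_copies(apps_root, pattern="libnettle.so*"):
    """Map each application directory under apps_root to the private
    copies of the library it ships: (path relative to the app, SHA-256)."""
    report = {}
    for app_dir in sorted(p for p in Path(apps_root).iterdir() if p.is_dir()):
        copies = []
        for path in sorted(app_dir.rglob(pattern)):
            # Skip symlinks: libfoo.so -> libfoo.so.4 is one copy, not two.
            if path.is_file() and not path.is_symlink():
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                copies.append((str(path.relative_to(app_dir)), digest))
        if copies:
            report[app_dir.name] = copies
    return report


def distinct_builds(report):
    """Group apps by library digest: each digest is one build, replaced
    only by updating every application listed under it."""
    builds = {}
    for app, copies in report.items():
        for _, digest in copies:
            builds.setdefault(digest, set()).add(app)
    return builds


def build_sample_tree(root):
    """Constructed sample: two apps bundle the library (option 1), one
    ships none and relies on a system copy (options 2 and 3)."""
    layout = {
        "app_a/lib/libnettle.so.4": b"constructed build 1",
        "app_b/vendor/libnettle.so.4": b"constructed build 2",
        "app_c/bin/app_c": b"no bundled library",
    }
    for rel, data in layout.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for app, copies in find_bundled_copies(tmp).items():
            for rel, digest in copies:
                print(f"{app}: {rel} sha256={digest[:12]}")
```

Comparing the digests against the build the system package manager provides shows which bundled copies lag behind it.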