Jeremy Davis's picture

Hi Alice, thanks for dropping in and sharing your perspective. Although I believe there's a bit of miscommunication here.

If you're already happy developing purely using a virtualenv - this post doesn't apply. This is specifically about the solution to a problem that only occurs if you have dependence on both pip and Debian python packages.

My suggestion is an alternative to using '--break-system-packages', or going entirely venv. There are cases where the latter may not be preferable or even possible. Not all Python libraries are packaged on pip and security patches are applied to Debian packages by the security team - even when upstream is non-responsive. It might be more important for programs running in a privileged environment to have security updates auto applied than other concerns.

My suggestion avoids installing pip packages globally, so it won't break anything outside of the project in the case that improper version constraints are used.

Regardless, I'd love to hear back from you. If you think I'm missing something, please let me know. Alternatively, if you have suggestions on how I can be more clear on the limitations of my suggestion, that'd be awesome.