The recent redhat-rpm-config change and you
Peter Jones
pjones at redhat.com
Tue Jun 21 19:16:10 UTC 2005
On Tue, 2005-06-21 at 15:06 -0400, John Dennis wrote:
> On Tue, 2005-06-21 at 14:36 -0400, Peter Jones wrote:
> > On Tue, 2005-06-21 at 14:18 -0400, John Dennis wrote:
> > > On Tue, 2005-06-21 at 14:07 -0400, Peter Jones wrote:
> > >
> > > > It does? I don't _think_ I've changed anything related to that...
> > >
> > > It depends on how the interpreter reads the file, imports are compiled.
> >
> > So we probably want to think very hard about making it _not_ do that
> > unless you try very hard.
>
> Why do you want to defeat this feature? If python is properly packaged
> in the rpm and the security policy is aware of where the python files
> are and who can write them then I don't see a problem. I only see a
> problem when these constraints are violated (albeit too frequently).
1) it's trivially easy to create the .pyc/.pyo if you need to
2) in most cases they'll be there already, because with python's
"everything is built in" model, most python modules will be packages on
the system, and thus brp-python-bytecompile will have been run.
3) not doing automatic pycompile at runtime means we don't need to worry
about security contexts and perms of generated files at all, even for
things that aren't packaged...
Maybe we should also drop one of the 2-line python bytecompile programs
into /usr/bin, as a convenience for those that are running noticeable
amounts of python that aren't packaged. (Really, though, I have fairly
low amounts of sympathy for that usage model.)
--
Peter
More information about the Fedora-maintainers
mailing list