Bug #1904
third-party package managers should not install into /usr/bin
0%
Description
this is an insidious source of bugs - it is one thing such as with guix for the third-party package manager to replace system software in a non-destructive and easily reversible way; but in the case of 'pip' and 'npm' specifically, these are known to blindly clobber files installed by the system package manager - packages installed using these programs are not part of the OS and should be made to install into /usr/local or /opt if not an unprivileged location - the FHS makes this fairly clear
from: https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLOCALLOCALHIERARCHY
The /usr/local hierarchy is for use by the system administrator when installing software locally. It needs to be safe from being overwritten when the system software is updated. It may be used for programs and data that are shareable amongst a group of hosts, but not found in /usr. Locally installed software must be placed within /usr/local rather than /usr unless it is being installed to replace or upgrade software in /usr. [27]
[27]: Software placed in / or /usr may be overwritten by system upgrades (though we recommend that distributions do not overwrite data in /etc under these circumstances). For this reason, local software must not be placed outside of /usr/local without good reason.
Related issues
History
Updated by bill-auger almost 6 years ago
oaken-source found this open issue https://github.com/pypa/pip/issues/4625
Updated by bill-auger over 4 years ago
- Related to Freedom Issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (TPPM) added
Updated by bill-auger over 4 years ago
'your-system-sanity' #1035 is the current proposed solution for this
Updated by bill-auger over 1 year ago
parabola no longer distributes 'pip' or 'rubygems' (#1035) - likely, most others will follow soon - any remaining (perhaps haskell cabal) should be checked and possibly patched, to close this ticket
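
An audit for the condition this ticket describes, as an added example that is not part of the ticket or of Parabola's tooling: it lists files in a system directory that the system package manager does not own, which is what a third-party package manager leaves behind when it installs into /usr/bin. The function name `unowned_files` is hypothetical, and the guarded call at the end assumes a pacman-based system, where `pacman -Qlq` prints every package-owned path.

```shell
#!/bin/sh
# Added example (not from the ticket): report files present in a system
# directory that no system package owns.
#
# unowned_files DIR OWNED_LIST
#   DIR         directory to audit, e.g. /usr/bin
#   OWNED_LIST  file with one package-owned absolute path per line
# Prints one unowned path per line. File names containing newlines are
# not handled.
unowned_files() {
    dir=$1
    owned=$2
    sorted=$(mktemp) || return 1
    present=$(mktemp) || { rm -f "$sorted"; return 1; }

    # Package databases also list directories (trailing slash); drop them
    # and sort in the C locale so comm(1) sees consistently ordered input.
    grep -v '/$' "$owned" | LC_ALL=C sort -u > "$sorted"

    # Regular files and symlinks directly inside DIR.
    find "$dir" -mindepth 1 -maxdepth 1 \( -type f -o -type l \) |
        LC_ALL=C sort -u > "$present"

    # Lines unique to "present": on disk, unknown to the package database.
    LC_ALL=C comm -23 "$present" "$sorted"

    rm -f "$sorted" "$present"
}

# On a pacman-based system (assumption), audit the real /usr/bin.
if command -v pacman >/dev/null 2>&1; then
    list=$(mktemp)
    pacman -Qlq > "$list"
    unowned_files /usr/bin "$list"
    rm -f "$list"
fi
```

Any path it prints under /usr/bin was placed there outside the package manager and is a candidate for reinstalling under /usr/local, /opt or an unprivileged location.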