Bug #1904

third-party package managers should not install into /usr/bin

bill-auger - over 5 years ago - . Updated about 1 year ago.

% Done:



this is an insidious source of bugs - it is one thing such as with guix for the third-party package manager to replace system software in a non-destructive and easily reversible way; but in the case of 'pip' and 'npm' specifically, these are know to blindly clobber files installed by the system package manager - packages installed using these programs are not part of the OS and should be made to install into /usr/local or /opt if not an unprivileged location - the FHS makes this fairly clear


The /usr/local hierarchy is for use by the system administrator when installing software locally. It needs to be safe from being overwritten when the system software is updated. It may be used for programs and data that are shareable amongst a group of hosts, but not found in /usr.
Locally installed software must be placed within /usr/local rather than /usr unless it is being installed to replace or upgrade software in /usr. [27]
[27]: Software placed in / or /usr may be overwritten by system upgrades (though we recommend that distributions do not overwrite data in /etc under these circumstances). For this reason, local software must not be placed outside of /usr/local without good reason.

Related issues

Related to Packages - Freedom Issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (TPPM)in progress




Updated by bill-auger over 5 years ago

oaken-source found this open issue


Updated by bill-auger about 4 years ago

  • Related to Freedom Issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (TPPM) added

Updated by bill-auger about 4 years ago

'your-system-sanity' #1035 is the current proposed solution for this


Updated by bill-auger about 1 year ago

parabola no longer distributes 'pip' or 'rubygems' (#1035) - likely, most others will follow soon - any remaining (perhaps haskel cabal) should be checked and possibly patched, to close this ticket

Also available in: Atom PDF