Python 3.9 to 3.10 validation and cleanup

It's the only thing that could. And it has an almost certainty that it would.
Sorry to you @Kevin77

1 Like

Yes. Ha ha. No big deal. Timeshift to the rescue.

Not a problem. All is well and good now :+1:

1 Like

Okay… so just to circle back to my original question/resolution… I won’t miss anything listed (pre-update) via python 3.9 pip freeze --user > pip_list_user.txt so I can feel good about $ rm -rdv /home/<userid>/.local/lib/python3.9?

And although it’s odd one file was left in /usr/lib/python3.9… I can remedy that with $ sudo rm -rdv /usr/lib/python3.9?

that’s a really positive attitude :beers: i switched to testing branch 2 days ago so i had got this update but came to know about this pip stuff just now (missed the testing announcement earlier). i have no aur package that uses python. the system python packages were automatically upgraded and i manually upgraded the ones installed via pip. important thing is nothing is broken (yet) :wink:

1 Like

All Stable and Testing Announcement threads with similar entries have been edited. :safety_vest:

2 Likes

the question about ‘pip’ results was raised in testing

I thought I’d share what I’ve written down about my understanding of the whole python update/readiness process… but as I wasn’t able to figure out how to upload an ODT/PDF, maybe a screenshot would be appreciated.

Major Python Version Updates.odt

Note: Click the image once to open in an “image box”, then optionally click once more to maximize for optimal reading

1 Like

The next line said words to the effect of “do not do it”.

I’m not sure who “they” is, but the capture of what was written was a “before you do” consideration, not “do not do” warning…

I agree it was definitely a statement to make one stop and think… but I wouldn’t liken it to a cautionary tale about dangers ahead.

Thankfully I didn’t execute that command :wink: and now that the wiki posts have been updated others shouldn’t be tempted to run it going forward either

That's not really what that line says. It's closer to saying ‘do this but with caution’.
Thing is … there is no real case for doing that … it only produces false results and then ‘sudo pip install’s everything on that list - which would be bad for any pip package on any day, but even worse now that you would be attempting to overwrite repo packages as well.
sudo pip may make sense only in the case that someone properly set up a virtual environment.
But that wasn't mentioned anywhere in those instructions so I have to conclude it was simply written out of a fundamental misunderstanding.
Ultimately those notes should not have been added in that form at all.

not sure who “they” is

The pip documentation, for one.

As for “the next line”, I should have said “the next few lines”.
Depends when/where it was copied from my original version;
I did strengthen the “don’t do it” message later on, IIRC.

I wrote it in the 2021-12-28 testing announcement, and expected problems to be picked up there.
Was working it out for myself, as I thought I might have installed some in system python by mistake.

Later in the process I found that pip freeze picks up packages that pip did not install, as you can read here

Years ago I followed the advice on pip.pypa.io and many other places, simply “pip install package”, which must be intended for Windows users, as it fails in Linux with a permission error. When it failed I simply used sudo, didn’t know it was dangerous. And last week I was forgetting that there had been malware on PyPI.

And here I leave this…

https://wiki.archlinux.org/title/Python

2 Likes
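The observation above that pip freeze lists packages pip did not install can be checked before deleting an old `python3.9` directory. This is an added example, not code from any poster or from the pip project: it reads each distribution's `INSTALLER` file (pip writes `pip` there) and splits the directory's contents accordingly. The function names and the `demo-*` packages are constructed for illustration.

```python
"""Classify distributions in a site-packages directory by recorded installer."""
import sys
import tempfile
from importlib import metadata
from pathlib import Path


def classify(site_packages):
    """Return {"pip": [...], "other": [...]} of "name==version" strings.

    A distribution counts as pip-installed only when its metadata directory
    has an INSTALLER file whose content is "pip". Anything else (no INSTALLER
    file, or another tool's name) lands in "other".
    """
    result = {"pip": [], "other": []}
    for dist in metadata.distributions(path=[str(site_packages)]):
        installer = (dist.read_text("INSTALLER") or "").strip()
        entry = f"{dist.metadata['Name']}=={dist.version}"
        result["pip" if installer == "pip" else "other"].append(entry)
    for entries in result.values():
        entries.sort()
    return result


def build_sample(root):
    """Constructed sample tree standing in for a real site-packages dir."""
    def add(dirname, meta_file, name, version, installer=None):
        d = Path(root) / dirname
        d.mkdir(parents=True)
        (d / meta_file).write_text(
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")
        if installer is not None:
            (d / "INSTALLER").write_text(installer + "\n")
    add("demo_tool-1.2.dist-info", "METADATA", "demo-tool", "1.2", "pip")
    add("demo_lib-0.9.dist-info", "METADATA", "demo-lib", "0.9")
    add("demo_old-3.0-py3.9.egg-info", "PKG-INFO", "demo-old", "3.0")
    return root


if __name__ == "__main__":
    # Pass e.g. ~/.local/lib/python3.9/site-packages; without an argument
    # the constructed sample is used.
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = build_sample(tempfile.mkdtemp())
    for kind, entries in classify(target).items():
        print(kind, *entries, sep="\n  ")
```

Only the entries under `pip` are candidates for reinstalling with pip on the new Python version; the script reads metadata and changes nothing.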

I’m glad you were chiming in on the test branches @j77h. I’ve been watching all the branch discussions so I’d have a good sense of what was coming down the pike for Stable… and I started paying extra attention once the [Unstable Update] 2021-12-13 - Python 3.10 Rebuilds post was made because I had a feeling a significant change like that deserved more attention and forethought than just clicking “Apply” in the pamac GUI’s upgrade tab.

I made it clear, eventually, not to do “sudo pip install”,
and left “sudo pip freeze” there, as it only makes a list.
But for speedy people who don’t read carefully, it wasn’t clear enough I guess.

I was surprised when (apparently) Phil moved my wiki post entry to the top, and emphasized it (in testing).

Now I’m surprised that complaints didn’t happen until it got into stable – no-one noticed potential problems in testing, although I wrote posts about it…

I only noticed because of this post (and then retroactively changed the testing posts back through early December) … I don't usually pay attention to release/update announcements, especially on Stable or Testing … and on Unstable we don't have the ‘common problems/fixes’ wiki thing.

1 Like

Off topic, and only view the image if there is a good sense of humour and understanding that it’s meant to bring a smile in times of seemingly thankless efforts.

At my old job, I started getting sick of the proverbial “attaboy’s” that managers seemed to think we lived off of… so I started bringing some reality and humour to it by sharing the following image with my colleagues after we’d solve a tough problem… even in some cases where what we’d accomplished wasn’t really noticed by management.

[Image: “AttaBoy” certificate]

1 Like

It really exists, and some of the actual code is revealed here.
Scroll down to “noblesse payload #2”, and see how easy it is
to steal passwords and credit card numbers saved in Chrome!

Still baffles me that people use these features … especially for sensitive things.
It's sorta funny when a friend can easily log into your email account because you left your machine on … it's worse when it is easy to dupe users … it's even worse when it can be accomplished by a drive-by (simply visit a page that somehow has malicious code injected) without extra protections … which are of course the same users that store things that way, don't configure security, and won't notice a problem until it's too late.

But we should be fair here - when it comes to installing packages … especially 3rd party ones … the user should consider what it is they are installing…
(If you can't decipher the install/application or trust the source … the only safe thing is don't install)

1 Like

More or less what I learned with AUR packages… at least look at the PKGBUILD file to try to get a sense of what it’s doing before installing. For example, if it looks like it’s going somewhere weird/unexpected to download some files, that’s a sign to abort.

Even more baffling is that “responsible” corporations offer them.

Have never allowed a browser to save anything for me, out of sheer precaution,
and didn’t know until now how easily they could have been stolen.
(I use KeePassXC with a strong password; hope it’s safe enough.)

Those exploits don’t need root access,
so even ‘pip install --user’ must be used with great care.

1 Like