Matt Simmons
Chris Siebenmann
@standaloneSA Are they worse than other forms of deployment bundling and static linking for local apps? All need security issue tracking.
Dear #Python devs: I'm reading this: http://ow.ly/kbIcn - How are virtualenvs not a security nightmare?
-
-
-
@thatcks I agree, but it seems like it would encourage fragility, wouldn't it? I've got no experience to draw from in this case, though. -
@standaloneSA I see it as anti-fragility unless you have a lot of trust in your OS vendor's package updates to be totally stable. - View other replies
-
@thatcks I'm not against the idea, I'm just trying to identify the problems. I'm inherently skeptical, but hopeful, too ;-)
-
-
-
@standaloneSA Virtualenvs are really not much different than setting up chroots. Both can (but don't have to) be huge security problems -
@hexedpackets What's the best way to manage them, do you think? I'd rather not code against antique libraries if I forget about an env ;-) -
@standaloneSA They're good for isolation when testing new libraries/versions, but I delete them as soon as I know that everything works. -
@hexedpackets Cool. That makes a lot of sense to me. You want a stable environment while developing, for sure. Thanks!
-
-
-
@standaloneSA Please retweet any answers about#python#virtualenv . -
@fcannini Actually, it might just be better to click on the link and watch replies.
-
-
-
@standaloneSA I use them for dev only, never for prod deployment (that's what I've got VMs for :)). -
@robomuppet That makes sense. Is that standard procedure, or just a good idea? ;-) -
@standaloneSA Just common sense I think. I really hope it's not SOP (I work for a Ruby shop atm, Python's my language for personal projects)
-
hexedpackets
Fabricio Cannini
Nick Whalen
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.