Ubuntu
python-pip package

Policy violation with respect to ensurepip

Bug #1955729 reported by cetus
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-pip (Ubuntu)
New
Undecided
Unassigned

Bug Description

Description: Ubuntu 21.10
Release: 21.10
Package version: libpython3.9-stdlib 3.9.7-2build1

Module 'ensurepip' is missing from the standard Python library.

According to the Debian Python Policy, section 2.5,

"Modules that would interfere with system package management (for example
ensurepip, when used outside virtual environments) are modified to print a
message explaining the problem and recommending alternatives."

However, in practice this module is not provided at all:

$ python3.9
Python 3.9.7 (default, Sep 10 2021, 14:59:43)
[GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ensurepip
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'ensurepip'
>>>

Of course, it would have been much better if pip and ensurepip were included in the default Python installation, which is what absolutely everyone expects; and this could also help avoid contradicting the official Python documentation. But if they are not included, I think users at least deserve to know why and how to work around this limitation. Particularly considering that the python3-pip package may not always be a suitable workaround (see bug #1955727).

Thank you.

Revision history for this message
Stefano Rivera (stefanor) wrote :

There's no sensible way to use ensurepip on Debian, outside a virtualenv. So I don't think it's much of a workaround for #1955727.

Revision history for this message
cetus (nikita-schmidt) wrote :

Ah ok, I see. Effectively, the python package is not intended for direct end user consumption. If I understand correctly, it is provided solely as a dependency of other packages in the distribution, or for creating virtual environments for end users. I used to be dismissive of python virtual environments; partly because one never knew what was the right way to make them this week, and partly because of their reputation as a tool to provide specific fixed module versions to applications that would break if a newer version was installed. However, I agree that it is a valid means for resolving the inherent conflict between distribution packaging and pip, and a useful way of making python end-user friendly, short of manually downloading and installing a fully independent variant from the internet. And python3-venv is installable via apt (if I correctly understand that this is currently the recommended way of creating virtual environments).

I'd still prefer to see some explanation given whenever anything to do with pip is invoked at the system level, as the policy requires, including recommended ways to deal with it.

Revision history for this message
Sorin Sbarnea (ssbarnea) wrote :

That breach of python stdlib makes use of python on Ubuntu really questionable. I wonder if PSF should add a big banner on their python page mentioning that "Debian/Ubuntu Python distributions are incomplete." to warn others.

The reasons I seen so far do not hold much water, especialy as `ensurepip` module has a `--user`, switch, especially for installing in user-land.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.