What to do about clobbering of packages in the prefix
See original GitHub issueWhat should we do when packages ship packages beyond themselves in site-packages. For instance if I have a package that ships itself and requests
in site-packages that means that conda may no longer control what requests
is installed, which could be problematic.
edit: this effects the entire prefix and we should address all of that at once
Issue Analytics
- State:
- Created 3 years ago
- Comments:18 (18 by maintainers)
Top Results From Across the Web
Why do we need -AllowClobber? | ACMESharp-docs
Now that we understand what clobbering is and why and when we need the -AllowClobber parameter, what about ACMESharp? ACMESharp uses the default...
Read more >conda update anaconda Fails | ClobberError - Stack Overflow
I am trying to update all conda packages. ... This path already exists in the target prefix, and it won't be removed by...
Read more >conda update <package...> - Fig.io
Options ; --clobber, Allow clobbering of overlapping file paths within packages, and suppress related warnings ; -C, --use-index-cache, Use cache of channel index ......
Read more >cmd - Go Packages
Command{ Use: "clobber", Short: "Clobber is a command-line application for ... Prefix = formatSpinnerText("Building base tools", false) runCommand("make -C" ...
Read more >conda-build — conda-build 3.21.7+0.gb98d7ec0.dirty documentation
Any variants with overlapping names within a build will clobber each other. ... depen- dency packages --prefix-length _PREFIX_LENGTH length of build prefix.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
You would have to edit the source code of conda-build/boa itself. I’m not certain if there are schemes to do that in a recipe but we could (and most likely should) have the build system hash itself when performing sensitive tasks. That way we can check if the build system was modified in some way during the build.
more difficult is not good enough here if we are calling this a security issue.