
Pip should not be run with sudo like described in the readme


Checklist

  • I’m reporting a broken site support issue
  • I’ve verified that I’m running youtube-dl version 2021.12.17
  • I’ve checked that all provided URLs are alive and playable in a browser
  • I’ve checked that all URLs and arguments with special characters are properly quoted or escaped
  • I’ve searched the bugtracker for similar bug reports including closed ones
  • I’ve read bugs section in FAQ

Verbose log

Description

In the readme under “Installation” it says:

You can also use pip:

sudo -H pip install --upgrade youtube-dl

In the download instructions it says:

You can also use pip:
sudo pip install --upgrade youtube_dl

However, pip shouldn’t be run with sudo, including for security reasons. See also: https://github.com/sahib/rmlint/issues/543

The security reasons for not running pip with sudo are described here.

It’s also not necessary for installing youtube-dl.

Hence, the readme and the website should be changed to have sudo removed from there.

Moreover, as youtube-dl is in the Debian repositories, the download instructions should add info about installation from there, like "Users of Debian can also install it from the repositories, e.g. with sudo apt-get install youtube-dl."

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 17 (4 by maintainers)

Top GitHub Comments

1 reaction
ghost commented, Jan 11, 2022

Other than that, they could simply be closed with a copypasted explanation that the version in Debian’s repos is outdated and users need to check whether the problem occurs in the latest version.

So I meant that it would waste developer’s time.

I don’t think installation section needs to provide every piece of information to any kind of users. Be it as simple and common to platforms. If anything about PATH to write, “adjust PATH environment variable as needed” or so should be enough.

Of course I’m not in a position to update the README, this is just my personal opinion.

1 reaction
Cebtenzzre commented, Jan 9, 2022

I don’t see why installing something system-wide should be the recommended default if there is no distro package available, official or otherwise. pip install --user youtube-dl works just fine for a single user as long as ~/.local/bin is on their PATH, and doesn’t pollute the system with root-owned files not tracked by the package manager or risk giving root access to a malicious actor. Running pip as root is also a bad habit to get users into, even if youtube-dl is safe.
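The per-user install described in the comment above, as an added shell example that is not part of the thread or of the youtube-dl project. The function names are hypothetical, and `python3` with pip is assumed to be installed.

```shell
#!/bin/sh
# Added example: install a package for the current user only, never as root.
# All function names here are hypothetical helpers, not part of pip or youtube-dl.

# Return 0 if directory $1 is an entry of the colon-separated list $2.
dir_on_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Directory where `pip install --user` places console scripts.
# Falls back to ~/.local/bin if python3 cannot report the user base.
user_bin_dir() {
    base=$(python3 -m site --user-base 2>/dev/null) || base="$HOME/.local"
    printf '%s/bin\n' "$base"
}

# Decide what to do for numeric uid $1 and PATH value $2.
# Prints one of: refuse, ok, ok-fix-path.
install_check() {
    if [ "$1" -eq 0 ]; then
        echo refuse
        return 0
    fi
    if dir_on_path "$(user_bin_dir)" "$2"; then
        echo ok
    else
        echo ok-fix-path
    fi
}

# Install or upgrade package $1 into the user's own site-packages.
pip_user_install() {
    pkg=$1
    case $(install_check "$(id -u)" "$PATH") in
        refuse)
            echo "refusing to run pip as root; run as a normal user without sudo" >&2
            return 1 ;;
        ok-fix-path)
            echo "note: add $(user_bin_dir) to PATH to run $pkg" >&2 ;;
    esac
    python3 -m pip install --user --upgrade "$pkg"
}
```

Sourcing the file and running `pip_user_install youtube-dl` as a normal user performs the install; invoked under sudo, it exits before pip starts.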
