Good write up!
My only concern is the systematic addition of the deadsnakes PPA without any explanation as to why that PPA can be trusted - and considerations on PPA trustability.
There's usually no reason to install python PPAs on Ubuntu systems unless you're trying to do something very specific - which is usually not the case for introductory code writing :-)
Note also that Ubuntu 22.04 includes support for python3.11 natively - you don't need deadsnakes ❌
apt-cache search python3.11 ✅ without the PPA shows it being present.
Additionally, see this discussion on stackoverflow - it doesn't endorse deadsnakes, but gives pointers to making the decision for oneself, which is usually the approach for evaluating <arbitrary PPA>
(same questions arise for chocolatey, which is a community-supplied repository...)
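The check raised in the comment above (is python3.11 offered by the Ubuntu archive itself, or only by the PPA?), as an added example that is not part of either comment or of the article. The sample `apt-cache policy` output and its version strings are constructed, and the list of official hosts is an assumption.

```shell
#!/bin/sh
# Added example: label where each version of a package comes from,
# reading `apt-cache policy <pkg>` output on stdin.

# Emit "<version> <source-url> <candidate|->" for each repository source line.
policy_sources() {
    awk '
        $1 == "Candidate:" { cand = $2; next }
        # Version-table entry: "<version> <prio>" or "*** <version> <prio>"
        /^ +(\*\*\* )?[^ ]+ [0-9]+$/ { ver = ($1 == "***") ? $2 : $1; next }
        # Source line: "<prio> <url> <suite/component> <arch> Packages"
        ver != "" && $2 ~ /^https?:\/\// {
            print ver, $2, (ver == cand ? "candidate" : "-")
        }'
}

# Classify by host only, so a path containing "archive.ubuntu.com" cannot
# pass as official. The host list is an assumption; extend for local mirrors.
classify_origin() {
    host=${1#*://}; host=${host%%/*}
    case "$host" in
        archive.ubuntu.com|*.archive.ubuntu.com|security.ubuntu.com|ports.ubuntu.com)
            echo official ;;
        ppa.launchpad.net|ppa.launchpadcontent.net) echo ppa ;;
        *) echo third-party ;;
    esac
}

audit_policy() {
    policy_sources | while read -r ver url mark; do
        echo "$ver $(classify_origin "$url") $mark"
    done
}

# Constructed sample (not captured from a real system): Ubuntu 22.04 with the PPA added.
sample_policy() {
    cat <<'EOF'
python3.11:
  Installed: (none)
  Candidate: 3.11.9-1+jammy1
  Version table:
     3.11.9-1+jammy1 500
        500 https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu jammy/main amd64 Packages
     3.11.0~rc1-1~22.04 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
EOF
}

if [ "$#" -gt 0 ]; then apt-cache policy "$1" | audit_policy
else sample_policy | audit_policy; fi
```

In the constructed sample the PPA build is the install candidate even though the archive also carries the package, which is the situation worth noticing before running `apt install`.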
Hi Tai,
Thanks for your response! On the topic of deadsnakes, I do need deadsnakes because a future post in this series will talk about supporting multiple versions of python, including Python 3.10 and maybe 3.12 or earlier versions. From the beginner's perspective, leaving this up to a package manager friendly interface just works out better than alternatives which can be more prone to error/confusing.
On the security topic, while I agree on the issues, I recommended deadsnakes due to knowing what's going on ( github.com/deadsnakes/runbooks/ ) and the python chocolatey packages have python as trusted packages ( community.chocolatey.org/packages/... ) and I've read up on the recipes for them ( github.com/chocolatey-community/ch... ).
While I do agree that such places could be compromised and having knowledge about what you're downloading is important, putting it here wouldn't really get the message across (not to mention I'd be skeptical of the threat model). A beginner is going to be overwhelmed by that since I'm coming from the perspective of people who are getting adjusted to python in general. It would be better off as a dedicated conversation where a beginner is going to be able to digest it and actually