Never use sudo with pip . This follows on from the first point. If you think you need to use sudo, you’re probably trying to modify a distribution-owned file. See point 1.
Which I have been saying for several years.
I’m not sure if it will solve it, but first step I suggest is to remove the sudo from all instances where pip3 is invoked with in the OEM/emoncms repositories and ensure pip3 is called on all update scripts so any missing packages will be installed.
My 2p FWIW. Perl has an excellent system for managing system and user installations and vendor versus site installations that has worked well for many years. Given that shining example, it’s a pity the python world has managed to get itself into such a mess over such topics
So the RPF are recommending the use of sudo with pip(3) and I guess that is for the reasons I give in the other thread, to install the packages system-wide, in the same way the distro package manager does.
As pointed out in the other thread this is right can of worms and the use of sudo is desirable to get the pip installed packages to align with the distro installed python packages. The “purists” advice in that discussion is good if you have also done all the other recommendations and are running everything under your own user and in a virtual env.
I hope that page is not changed, unless a better way of managing the packages is rolled out first. The simple way to avoid using sudo pip is don’t install any python packages that cannot be installed via the OS package manager. Just not using sudo will cause many more issues than the relatively low chance of malicious code being run as root, TBH, even if the package was installed under a non-root user, most scripts (on here) tend to be run by root or as pi with sudo. So the malicious code could still get in and be run as root.
Again I point out I’m not saying it’s right, but it’s definitely the lesser evil and a necessary evil IMO.
