youtube-dl: Pip should not be run with sudo like described in the readme
Checklist
- I’m reporting a broken site support issue
- I’ve verified that I’m running youtube-dl version 2021.12.17
- I’ve checked that all provided URLs are alive and playable in a browser
- I’ve checked that all URLs and arguments with special characters are properly quoted or escaped
- I’ve searched the bugtracker for similar bug reports including closed ones
- I’ve read bugs section in FAQ
Verbose log
Description
In the readme under “Installation” it says:
You can also use pip:
sudo -H pip install --upgrade youtube-dl
In the download instructions it says:
You can also use pip:
sudo pip install --upgrade youtube_dl
However, pip shouldn’t be run with sudo, including due to security reasons. See also: https://github.com/sahib/rmlint/issues/543
The security reasons for not running pip with sudo are described here.
It’s also not necessary for installing youtube-dl.
Hence, the readme and the website should be changed to have sudo removed from there.
Moreover, as youtube-dl is in the Debian repositories, the download instructions should add info about installation from there, like "Users of Debian can also install it from the repositories, e.g. with sudo apt-get install youtube-dl".
About this issue
- State: open
- Created 2 years ago
- Comments: 17 (4 by maintainers)
So I meant that it would waste developer’s time.
I don’t think installation section needs to provide every piece of information to any kind of users. Be it as simple and common to platforms. If anything about PATH to write, “adjust PATH environment variable as needed” or so should be enough.
Of course I’m not in a position to update the README, this is just my personal opinion.
I don’t see why installing something system-wide should be the recommended default if there is no distro package available, official or otherwise.
pip install --user youtube-dl works just fine for a single user as long as ~/.local/bin is on their PATH, and doesn’t pollute the system with root-owned files not tracked by the package manager or risk giving root access to a malicious actor. Running pip as root is also a bad habit to get users into, even if youtube-dl is safe.
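An added example, not part of the thread or of youtube-dl: a small audit that lists packages pip has already installed as root into a site-packages directory, and checks whether the per-user script directory is on PATH. It assumes a POSIX system and relies on the `INSTALLER` file that pip writes into each `.dist-info` directory; the function names are illustrative.

```python
"""Audit sketch: find packages that pip installed with root's privileges."""
import os
import site
import sys
import sysconfig
from pathlib import Path


def pip_installs_owned_by(site_dir, owner_uid=0):
    """Return sorted (name-version, path) pairs for *.dist-info directories in
    site_dir whose INSTALLER file says 'pip' and whose owner is owner_uid."""
    found = []
    for info in Path(site_dir).glob("*.dist-info"):
        try:
            tool = (info / "INSTALLER").read_text(encoding="utf-8").strip().lower()
            uid = info.stat().st_uid
        except OSError:
            continue  # no readable INSTALLER: cannot attribute this one to pip
        if tool == "pip" and uid == owner_uid:
            found.append((info.name[: -len(".dist-info")], str(info)))
    return sorted(found)


def user_bin_on_path(path_env, user_base):
    """True if <user_base>/bin, where `pip install --user` puts scripts on
    POSIX, is one of the entries of the PATH string path_env."""
    want = os.path.realpath(os.path.join(user_base, "bin"))
    return any(
        os.path.realpath(os.path.expanduser(entry)) == want
        for entry in path_env.split(os.pathsep)
        if entry  # skip empty PATH entries
    )


if __name__ == "__main__":
    # Audit the directories given as arguments, or this interpreter's own.
    paths = sysconfig.get_paths()
    for d in sys.argv[1:] or sorted({paths["purelib"], paths["platlib"]}):
        for name, path in pip_installs_owned_by(d):
            print(f"root-owned pip install: {name} ({path})")
    if not user_bin_on_path(os.environ.get("PATH", ""), site.getuserbase()):
        print("note: the per-user script directory is not on PATH")
```

Anything it reports was written by pip running as root, outside the distribution's package manager.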