> instead of checking for what's already installed

Plenty of software come with their own Python runtime. Even Blender uses its own Python runtime. I can name so many apps with embedded Python runtime: Blender, Houdini, Bitwig, Substance Painter, Krita, etc. Checking for what's already installed isn't the norm. In Krita's case, it uses installed Python to build it... and in the building process it builds another Python runtime for its own!

This app should have probably bundled the runtime instead of downloading a new one though.

> install its own vendored dependencies

> lead to both security and performance issues

npm install and pip -r theoretically have the same kind of security issue. How many projects on github run this kind of command during build process? My guess is in the order of millions.

▲ throw_await an hour ago | parent [-]

All reasonable Linux distro will patch these stupid things to usw the system interpreter.

▲ raincole an hour ago | parent | next [-]

It's not how it works. You can just install whichever linux distro of your favorite, download blender or krita, and see it uses its own python by default yourself.

And thankfully it's not how it works. If it were it'd break plugin ecosystems of many apps completely.

	▲	ajsnigrutin an hour ago \| parent [-]
		gentoo (a lot of lines removed): `$ strace blender-4.4 .. openat(AT_FDCWD, "/usr/lib64/libpython3.13.so.1.0", O_RDONLY\|O_CLOEXEC) = 3 ... openat(AT_FDCWD, "/usr/lib/python3.13", O_RDONLY\|O_NONBLOCK\|O_CLOEXEC\|O_DIRECTORY) = 12 ...` No issues with plugins

▲ Gormo an hour ago | parent | prev [-]

And even if the build scripts are downloading deps, having the application itself install dependencies to the user's home directory at runtime is unheard of.