Rather than being hopeful why not start running 'uv' inside sandbox?
Why does your python package (cli/Web server/library) need full access to your full disk at the time of execution?
Rather than being hopeful why not start running 'uv' inside sandbox?
Why does your python package (cli/Web server/library) need full access to your full disk at the time of execution?
You're doing all of your software development inside containers, all the time?
That is very inconvenient.
> That is very inconvenient.
All executions (especially of random third-party code) inside the containers are not inconvenient at all for me.
Infact, I even open-sourced my setup - https://github.com/ashishb/amazing-sandbox
I'd argue it's not only not inconvenient, but also a great way of keeping your system clean of all the random system-wide dependencies you'll end up accumulating over the years.
Devcontainers are looking pretty gold right now…
Why? Just open your entire editor/whatever inside a limited namespace and that's it no?
> Why? Just open your entire editor/whatever inside a limited namespace and that's it no?
How will that prevent `npm run dev` or `uv run python` from accessing files outside your current directory?
Do you know what linux namespaces are?
I do. It wasn't obvious that that's what you were referring to. If you use it regularly then that's great.
[dead]