Is there a way to switch off or prevent autodownload of binaries from imageio ? about imageio HOT 10 CLOSED

Hi @Zulko! What'd be the use-case? Would these users like to use their native installed ffmpeg binary?

Would it suffice to prevent downloading via an environment variable? That should be easy to fix.

from imageio.

Thanks ! Actually using a native ffmpeg binary is not a problem (I think imageio doesn't overwrite the native ffmpeg). I think it's more to be sure that nothing (ffmpeg or anything else) gets automatically downloaded on the server. Automatic dowloads can be unwelcome for safety or security reasons I guess.

from imageio.

Ok, I understand. So do you think (or could you ask) whether disabling it via an environment variable would do the trick?

from imageio.

Ah sorry I didn't answer that. Yes an environment variable would do the trick.

from imageio.

I have ffmpeg installed on my computer but imageio still complains that it cannot find it and proceeds to download its own copy.

Also is it really considered a good practice to download binaries from the internet without the user's explicit permission? I see two major problems with this:

1. Polluting the user's home directory with additional files is not a good practice. Typically it is expected that pip uninstall should leave the system in its original state without any residues, but in this case the downloaded files will never be cleaned up.
2. Downloading executable code could be a serious security vulnerability especially if there is a probabiliyty that the server where that code is hosted becomes compromised. Third party binaries like ffmpeg should always be downloaded from trusted repositories, and not from custom self-hosted ones.

If you insist on downloading the binaries, I would suggest you do it during the setup.py install stage when the user has granted permission for the package to be installed and it is expected that files will be written, and not during the import stage of a module when the user doesn't expect any major side effects.

from imageio.

@drufat Yes, I won't argue it's ideal, though not uncommon for apps to download stuff automatically to the home dir (e.g. I believe Chrome updates itself in a similar way). Installing everything during installation solves some of the issues, but then imageio becomes a huge package for someone who just wants to read a jpg ...

from imageio.

Actually, such an environment variable already exists: IMAGEIO_NO_INTERNET

from imageio.

I think we need some documentation on environment variables.

from imageio.

Fixed in #86

from imageio.

Thanks !

from imageio.