The following packages will be SUPERCEDED by a higher-priority channel
The command you're writing is
conda install -c anaconda flask
conda install
tells Conda to install a package (obviously), and flask
is the name of the package. Although you may not have any channels listed in your .condarc
file, you are telling conda to use a specific channel and give it the highest priority with the -c anaconda
part of that command. So conda install
goes out to the web and finds the best package matches that it can, taking into account that you're telling it that it should prefer packages from the anaconda
channel. However, the anaconda
channel doesn't have flask=0.12
on it, the highest version they have (for your platform) is flask=0.11.1
. You can see here for a list of all the versions that they have available on that channel: https://anaconda.org/anaconda/flask/files
So here's what's happening
conda install -c anaconda flask=0.12
goes to look for all the packages it can find from the anaconda
channel. It can't find flask=0.12
for your platform, so since you have it installed, it does nothing. However, it does find versions of conda
and conda-env
on that channel, so it decides to download them from the anaconda
channel, because you gave it the highest priority, even though the version is lower.
conda install -c anaconda flask
also goes to look for all the packages it can find from the anaconda
channel. Since you didn't specify a version for flask
, conda
looks for the most recent version it can find on the channel that you specified. Since you already have flask
installed from a different channel (in this case, the defaults
channel), installing the version from the anaconda
channel will supercede the version you have.
while installing tensorflow-datasets in anaconda; packages will be SUPERSEDED by a higher-priority channel:
Is this ok? Does it causes any issue in future, if yes can someone
suggest remedies, please.
It doesn't cause any issue. By default, conda prefers packages from a higher priority channel over any version from a lower priority channel. Therefore, you can now safely put channels at the bottom of your channel list to provide additional packages that are not in the default channels and still be confident that these channels will not override the core package set.
Conda collects all of the packages with the same name across all listed channels and processes them as follows:
- Sorts packages from highest to lowest channel priority.
- Sorts tied packages---packages with the same channel priority---from highest to lowest version number.
- Sorts still-tied packages---packages with the same channel priority and same version---from highest to lowest build number.
- Installs the first package on the sorted list that satisfies the installation specifications.
You can refer for a list of all the versions that are available for ca-certificates and certifi.
For more information on manage channels you can refer here
Is conda-forge safe?
Why does Conda Forge take precedence?
Conda aggressively updates security-related packages. In particular, see
$ conda config --describe aggressive_update_packages
# # aggressive_update_packages (sequence: primitive)
# # env var string delimiter: ','
# # A list of packages that, if installed, are always updated to the
# # latest possible version.
# #
# aggressive_update_packages:
# - ca-certificates
# - certifi
# - openssl
This means that whenever the user requests a mutating operation on an environment, Conda will check if there is a higher priority version of any of those packages available. Whenever one uses the --channel, -c
flag, it places that channel at the highest priority. Hence, the command
conda install -c conda-forge ...
run on an environment that had previously only ever used defaults channel will trigger some packages to switch to conda-forge as a source.
Is Conda Forge trustworthy?
Yes. However, every user/organization must assess their own risk and it is beyond the scope of this forum to provide a full security analysis of Conda Forge.
In lieu of that, it may be worth outlining relevant Conda Forge procedures that mitigate against compromised packages.
Security overview
While Conda Forge is open to community submissions from anyone, the following are some practices that help ensure the safety of the channel:
Gatekeeping. New packages must pass a review by trusted team members before being accepted and distributed by Conda Forge. For most packages, users are encouraged to use recipe-generating scripts that work downstream of other trusted repositories (e.g., PyPI, CRAN).
Once approved, only submitters and core members have maintainer rights. Arbitrary users can submit Pull Requests to any feedstock, but again these must be reviewed and accepted by maintainers.
Transparent Supply Chain. All recipes are open-source and all builds are performed on CI infrastructure with open logs. Any package build on the conda-forge channel can be fully audited back to the URL that the recipe used to build it.
Siloed Feedstocks. Each feedstock only has an ability to upload packages for that feedstock. This is enforced by using a cf-staging channel where builds are first sent. A bot then assesses that the submitting feedstock has permission to build the package it has submitted, and only then will it relay the build to the conda-forge channel.
This helps mitigate against a bad actor gaining access to an inconspicuous feedstock and then trying to push a build with malicious code into essential infrastructure packages (e.g.,
openssl
orpython
).
I am sure more could be said, but hopefully that is a sufficient start.
Anaconda trusts Conda Forge
It may also be worth pointing out that many Anaconda package recipes are forks from Conda Forge feedstocks. This includes each of the security packages recipes (certifi, openssl, ca-certificats).
What is the difference between codes to Update Jupyter Notebook in Anaconda
The difference here is in the channels used. According to the docs, by default, your anaconda installation is configured to look in the channels
main
r
msys2 (on windows)
free (conda<4.7)
The anaconda
channel is only a mirror of main
, so it is not needed when doing conda install
and can even lead to the strange behavior you are seeing. When multiple channels are specified, conda - by default - has a strict channel priority, meaning that packages will always be installed from the first channel they are available from. See here for more details.
Now let's take a look at the commands you use
conda install -c anaconda jupyter
conda update jupyter
The first command prepends the anaconda
channel to your list of channels, making it the highest priority channel. This will result in all packages being installed from the anaconda
channel (which you can also see when doing conda list
or in the output of the installation).
In the second command, only the default channels are used, making main
the highest priority channel. Two things are now happening, which you both see in your output The following packages will be SUPERSEDED by a higher-priority channel:
happens because conda
now things all packages should be coming from main, even if the same version is already installed from the anaconda
channel due to the channel priority. The following packages will be UPDATED:
happens either because there actually is a higher version available on the main
channel (which was previously ignored because of anaconda
having higher priority in the previous command) or the build number differs and conda just treats it as a higher version, e.g. anaconda::jupyter-1.0.0-py39haa95532_7 --> pkgs/main: er-1.0.0-py39haa95532_8
Takeaway
There should be no real need to explicitly state -c anaconda
but if you use it, you need to do so on subsequent calls also, otherwise a lot of packages will be reinstalled frequently. Alternatively, you can disable the strict channel priority, but that could slow down the solving step of conda
.
As for the difference between install
and update
: They will both attempt to install the newest version, but behave differently for packages that are not installed. See also this post
conda install h3 still fails on import
You only installed the library and binaries, i.e. this. You need to install the python bindings, i.e. this. You can do so with:
conda install -c conda-forge h3-py
Related Topics
Python 3.4.3 Modules Installation in Linux Error
Request Uac Elevation from Within a Python Script
What Do *Args and **Kwargs Mean
Why Is the Pygame Animation Is Flickering
Fast Punctuation Removal with Pandas
How Does Asyncio Actually Work
Django Multivaluedictkeyerror Error, How to Deal with It
How to Merge a List of Dicts into a Single Dict
Why Can't Python Sockets Resolve Url's with Http in It
How Is Python's List Implemented
Using Pandas to Pd.Read_Excel() for Multiple Worksheets of the Same Workbook
What Are "Named Tuples" in Python
Replacing Instances of a Character in a String