What Does "The Following Packages Will Be Superseded by a Higher Priority Channel" Mean

  • Home
  • Languages
  • Python
  • What Does "The Following Packages Will Be Superseded by a Higher Priority Channel" Mean

The following packages will be SUPERCEDED by a higher-priority channel

The command you're writing is

conda install -c anaconda flask

conda install tells Conda to install a package (obviously), and flask is the name of the package. Although you may not have any channels listed in your .condarc file, you are telling conda to use a specific channel and give it the highest priority with the -c anaconda part of that command. So conda install goes out to the web and finds the best package matches that it can, taking into account that you're telling it that it should prefer packages from the anaconda channel. However, the anaconda channel doesn't have flask=0.12 on it, the highest version they have (for your platform) is flask=0.11.1. You can see here for a list of all the versions that they have available on that channel: https://anaconda.org/anaconda/flask/files

So here's what's happening

conda install -c anaconda flask=0.12

goes to look for all the packages it can find from the anaconda channel. It can't find flask=0.12 for your platform, so since you have it installed, it does nothing. However, it does find versions of conda and conda-env on that channel, so it decides to download them from the anaconda channel, because you gave it the highest priority, even though the version is lower.

conda install -c anaconda flask

also goes to look for all the packages it can find from the anaconda channel. Since you didn't specify a version for flask, conda looks for the most recent version it can find on the channel that you specified. Since you already have flask installed from a different channel (in this case, the defaults channel), installing the version from the anaconda channel will supercede the version you have.

while installing tensorflow-datasets in anaconda; packages will be SUPERSEDED by a higher-priority channel:

Is this ok? Does it causes any issue in future, if yes can someone
suggest remedies, please.

It doesn't cause any issue. By default, conda prefers packages from a higher priority channel over any version from a lower priority channel. Therefore, you can now safely put channels at the bottom of your channel list to provide additional packages that are not in the default channels and still be confident that these channels will not override the core package set.

Conda collects all of the packages with the same name across all listed channels and processes them as follows:

  1. Sorts packages from highest to lowest channel priority.
  2. Sorts tied packages---packages with the same channel priority---from highest to lowest version number.
  3. Sorts still-tied packages---packages with the same channel priority and same version---from highest to lowest build number.
  4. Installs the first package on the sorted list that satisfies the installation specifications.

You can refer for a list of all the versions that are available for ca-certificates and certifi.

For more information on manage channels you can refer here

Is conda-forge safe?

Why does Conda Forge take precedence?

Conda aggressively updates security-related packages. In particular, see

$ conda config --describe aggressive_update_packages
# # aggressive_update_packages (sequence: primitive)
# #   env var string delimiter: ','
# #   A list of packages that, if installed, are always updated to the
# #   latest possible version.
# # 
# aggressive_update_packages:
#   - ca-certificates
#   - certifi
#   - openssl

This means that whenever the user requests a mutating operation on an environment, Conda will check if there is a higher priority version of any of those packages available. Whenever one uses the --channel, -c flag, it places that channel at the highest priority. Hence, the command

conda install -c conda-forge ...

run on an environment that had previously only ever used defaults channel will trigger some packages to switch to conda-forge as a source.

Is Conda Forge trustworthy?

Yes. However, every user/organization must assess their own risk and it is beyond the scope of this forum to provide a full security analysis of Conda Forge.

In lieu of that, it may be worth outlining relevant Conda Forge procedures that mitigate against compromised packages.

Security overview

While Conda Forge is open to community submissions from anyone, the following are some practices that help ensure the safety of the channel:

  • Gatekeeping. New packages must pass a review by trusted team members before being accepted and distributed by Conda Forge. For most packages, users are encouraged to use recipe-generating scripts that work downstream of other trusted repositories (e.g., PyPI, CRAN).

    Once approved, only submitters and core members have maintainer rights. Arbitrary users can submit Pull Requests to any feedstock, but again these must be reviewed and accepted by maintainers.

  • Transparent Supply Chain. All recipes are open-source and all builds are performed on CI infrastructure with open logs. Any package build on the conda-forge channel can be fully audited back to the URL that the recipe used to build it.

  • Siloed Feedstocks. Each feedstock only has an ability to upload packages for that feedstock. This is enforced by using a cf-staging channel where builds are first sent. A bot then assesses that the submitting feedstock has permission to build the package it has submitted, and only then will it relay the build to the conda-forge channel.

    This helps mitigate against a bad actor gaining access to an inconspicuous feedstock and then trying to push a build with malicious code into essential infrastructure packages (e.g., openssl or python).

I am sure more could be said, but hopefully that is a sufficient start.

Anaconda trusts Conda Forge

It may also be worth pointing out that many Anaconda package recipes are forks from Conda Forge feedstocks. This includes each of the security packages recipes (certifi, openssl, ca-certificats).

What is the difference between codes to Update Jupyter Notebook in Anaconda

The difference here is in the channels used. According to the docs, by default, your anaconda installation is configured to look in the channels

main
r
msys2 (on windows)
free (conda<4.7)

The anaconda channel is only a mirror of main, so it is not needed when doing conda install and can even lead to the strange behavior you are seeing. When multiple channels are specified, conda - by default - has a strict channel priority, meaning that packages will always be installed from the first channel they are available from. See here for more details.

Now let's take a look at the commands you use

conda install -c anaconda jupyter
conda update jupyter

The first command prepends the anaconda channel to your list of channels, making it the highest priority channel. This will result in all packages being installed from the anaconda channel (which you can also see when doing conda list or in the output of the installation).

In the second command, only the default channels are used, making main the highest priority channel. Two things are now happening, which you both see in your output The following packages will be SUPERSEDED by a higher-priority channel: happens because conda now things all packages should be coming from main, even if the same version is already installed from the anaconda channel due to the channel priority. The following packages will be UPDATED: happens either because there actually is a higher version available on the main channel (which was previously ignored because of anaconda having higher priority in the previous command) or the build number differs and conda just treats it as a higher version, e.g. anaconda::jupyter-1.0.0-py39haa95532_7 --> pkgs/main: er-1.0.0-py39haa95532_8

Takeaway
There should be no real need to explicitly state -c anaconda but if you use it, you need to do so on subsequent calls also, otherwise a lot of packages will be reinstalled frequently. Alternatively, you can disable the strict channel priority, but that could slow down the solving step of conda.

As for the difference between install and update: They will both attempt to install the newest version, but behave differently for packages that are not installed. See also this post

conda install h3 still fails on import

You only installed the library and binaries, i.e. this. You need to install the python bindings, i.e. this. You can do so with:

conda install -c conda-forge h3-py

Related Topics

Python 3.4.3 Modules Installation in Linux Error

Request Uac Elevation from Within a Python Script

What Do *Args and **Kwargs Mean

Why Is the Pygame Animation Is Flickering

Fast Punctuation Removal with Pandas

Sys.Argv[1] Meaning in Script

Nested List Indices

How Does Asyncio Actually Work

Django Multivaluedictkeyerror Error, How to Deal with It

How to Merge a List of Dicts into a Single Dict

Why Can't Python Sockets Resolve Url's with Http in It

How Is Python's List Implemented

Using Pandas to Pd.Read_Excel() for Multiple Worksheets of the Same Workbook

What Are "Named Tuples" in Python

Replacing Instances of a Character in a String

How to Print the Value of a Tensor Object in Tensorflow

How to Use Ec.Presence_Of_Element_Located((By.Id, "Mydynamicelement")) Except to Specify Class Not Id

Differencebetween a String and a Byte String


Leave a reply



Submit