ArcGIS Pro Install Failure 2.1 - 2.3.x and McAffee rules

4057
12
Jump to solution
06-28-2019 08:52 AM
DavidColey
Frequent Contributor

Hello - Warning! This post contains profanity!

We just discovered something very disturbing in the installation packages preventing Pro installs of 2.1  - 2.3.x.  Running the install as an administrator from the installation package, or running an un-install from control panel on windows 10 machines - both the install and and uninstalls fail in a very disturbing location.

Specifically, the install / uninstall fails at this location during the runtime:

C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3\Lib\site-packages\notebook\static\components\codemirror\mode\brainf**k\brainf**k.js

I'm sure everyone understands what letters the '**' is referring to. 

The file is inaccessible through any js or readers like notepad ++, even with admin rights.  Regardless, I wouldn't care that the name contains profanity only that this is where install - uninstalls are failing!

First off, what developer would ever name a directory and a js file with that name??!!

Someone at esri needs to look into this ASAP!

Thanks

Tags (1)
12 Replies
DavidWatkins
Esri Contributor

Thank you for bringing this to our attention.  We have been including an open source Python merge module that contains a folder/file named with an offensive English word for multiple releases.  Esri apologizes for this.  This is not malware and we are not aware of any security vulnerabilities caused by this file at this time.

 

For more information on this file please see the following.  We will release more information as it becomes available.

- David Watkins, ArcGIS Pro Product Manager

JohnGrubb
New Contributor

Are you kidding me? Come on ESRI, there's really no excuse for this kind of vulgarity. Not exactly professional, besides being blocked by security policies. The vulgar content issue is simple - edit it. It's under an MIT license that states you can do pretty much anything you want with it, as long as you include the copyright notice. Get rid of the offensive words. I'm sure you can handle it, technically. 

0 Kudos
ThomasColson
MVP Frequent Contributor

Python package management is a nightmare, and I know so little about it I just let Python do its thing. Taking what is for me the rare step of defending the software here, Python package authors are pretty much free to name things whatever the heck they want, and the package consumers (in this case the developer of ArcGIS Pro) have to eat crow. In terms of vulgarity, this ranks pretty low in terms of what our org pays attention to, as it doesn't cross the line of "Protected Class Harassment". Pick your battles, and upvote https://community.esri.com/ideas/13658-please-add-go-to-xy-to-arcgis-pro (which still isn't implemented!).