On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote: > Ben Cotton <bcotton@xxxxxxxxxx> writes: > > > :Don’t prepend a potentially unsafe path to `sys.path`: > > If this is a safety/security issue, why not just make it the default for > python itself? I presume that approach is considered too disruptive to users. I know I'm running python apps which relying on './someapp' being able to import modules under './'. Typically this is where I've checked out $random git repo and don't want to actually run a full install of it, instead just run straight from git, so I can switch branches at will. It would be pretty annoying if this broke, despite the understandable security benefit. This proposal at least gets the security benefits for all system shipped stuff, without breaking anything the user has been using from non-packaged locations. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
