On 11. 05. 22 18:37, Daniel P. Berrangé wrote:
On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote:
Ben Cotton <bcotton@xxxxxxxxxx> writes:
:Don’t prepend a potentially unsafe path to `sys.path`:
If this is a safety/security issue, why not just make it the default for
python itself?
I presume that approach is considered too disruptive to users.
I know I'm running python apps which relying on './someapp' being
able to import modules under './'. Typically this is where I've
checked out $random git repo and don't want to actually run
a full install of it, instead just run straight from git, so I
can switch branches at will. It would be pretty annoying if this
broke, despite the understandable security benefit.
This proposal at least gets the security benefits for all system
shipped stuff, without breaking anything the user has been using
from non-packaged locations.
I've added this to https://fedoraproject.org/wiki/Changes/PythonSafePath#Feeedback
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure