On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote: > Ben Cotton <bcot...@redhat.com> writes: > > > :Don’t prepend a potentially unsafe path to `sys.path`: > > If this is a safety/security issue, why not just make it the default for > python itself?
Yeah, I agree. I think Python upstream should own up to the fact that adding '.' to sys.path was always a mistake. Just ask a random user: is echo 'import sys; print(sys.version)' >/tmp/test.py python /tmp/test.py safe to execute on a multi-user system? Zbyszek P.S. If we can't get the proper fix, this Change proposal is better than nothing. So I'll vote +1 on the proposal. But I think we can do better. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
