STINNER Victor <victor.stin...@gmail.com> added the comment: > Since the directory is where the code that is being executed exists don't you > have to implicitly trust that directory is secure? Otherwise how can you even > trust the code you're choosing to execute?
The question is if the following example must work with -I: --- vstinner@apu$ mkdir directory vstinner@apu$ echo "import submodule" > directory/__main__.py vstinner@apu$ echo 'print("submodule", __file__)' > directory/submodule.py vstinner@apu$ python3 directory submodule directory/submodule.py vstinner@apu$ python3 -I directory submodule directory/submodule.py --- Do you expect that "python3 directory" allows imports from directory/? The second question is if directory must be prepended to sys.path (start), or if it must be appended to sys.path (end)? Prepend allows to override stdlib imports, whereas append risks of conflicts with others paths in sys.path and so loading the "wrong" submodule. For example, I still expect to run __main__ from directory in the following example: --- vstinner@apu$ mkdir other vstinner@apu$ echo "print('other main')" > other/__main__.py vstinner@apu$ PYTHONPATH=other python3 directory submodule directory/submodule.py --- ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32324> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com