STINNER Victor <victor.stin...@gmail.com> added the comment:
> Since the directory is where the code that is being executed exists don't you
> have to implicitly trust that directory is secure? Otherwise how can you even
> trust the code you're choosing to execute?
The question is if the following example must work with -I:
---
vstinner@apu$ mkdir directory
vstinner@apu$ echo "import submodule" > directory/__main__.py
vstinner@apu$ echo 'print("submodule", __file__)' > directory/submodule.py
vstinner@apu$ python3 directory
submodule directory/submodule.py
vstinner@apu$ python3 -I directory
submodule directory/submodule.py
---
Do you expect that "python3 directory" allows imports from directory/?
The second question is if directory must be prepended to sys.path (start), or
if it must be appended to sys.path (end)?
Prepend allows to override stdlib imports, whereas append risks of conflicts
with others paths in sys.path and so loading the "wrong" submodule.
For example, I still expect to run __main__ from directory in the following
example:
---
vstinner@apu$ mkdir other
vstinner@apu$ echo "print('other main')" > other/__main__.py
vstinner@apu$ PYTHONPATH=other python3 directory
submodule directory/submodule.py
---
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32324>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
