STINNER Victor <vstin...@redhat.com> added the comment:
I modified posixpath.defpath, shutil.which() and distutils.spawn.find_executable() in 3.7 and master (future Python 3.8) branches. I close the issue. Thanks everybody for the review and helping me to collect info about corner cases! I chose to also change Python 3.7. IMHO there is a low risk of breaking applications: I expect that few users run Python with no PATH environment variable *and* expect that Python looks for programs in the current directory. But it enhances the security a little bit. For Python 2.7... well, I don't think that this issue is important enough to justify a backport. I prefer to do nothing rather than having to deal with unhappy users complaining that Python 2.7 changed broke their application in a minor 2.7.x release :-) Even if, again, the risk of regression is very low. ---------- resolution: -> fixed stage: patch review -> resolved status: open -> closed title: shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set -> On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35755> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com