Steve Dower <steve.do...@python.org> added the comment:
It's a security issue because Python 3.8 says it will open files to be executed with io.open_code() instead of open(). This allows a way to bypass that. That said, this appears to be a fallback case, so I'm not hugely concerned. I haven't quite figured out why it would fall back here (that involved reading the pkgutil sources ;) ). I would vote for backporting to 3.8.1, but if Tal wants to push back and nobody else has an opinion then whatever. ---------- nosy: +christian.heimes _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38722> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com