On Tue, 29 Oct 2019 at 22:42, Steven D'Aprano <st...@pearwood.info> wrote: > I expect that with a bit more thought I could come up with some more > scenarios where the behaviour of Python programs could change in very > surprising ways.
If you add a module with the same name as a stdlib module to sys.path, current semantics are that the stdlib wins. The proposed semantics would allow the added module to *add* functions (in effect). Consider a malicious module that adds names that match common typos for stdlib functions. Such a module could cause a typo in user code to trigger an exploit, rather than simply failing. While unlikely to happen, this has the potential to be a new security vulnerability. Paul _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/SVLKWQBLIY5GZUCP7L4HW7TVUZLR7QAO/ Code of Conduct: http://python.org/psf/codeofconduct/
