R. David Murray added the comment:

Since Raymond is the person who tends to object most strongly to warning boxes 
in the docs, let's get his opinion on this.  I'm not sure that the warning box 
is necessary, the text may be sufficient.  On the other hand, this *is* a 
significant insecurity vector.

As far as the text goes, I'd combine the two paragraphs and introduce the text 
from the second one with "Alternatively, ...".  And if it isn't a warning box, 
the language should be refocused to be positive: "Use the Popen module with 
shell=False to avoid the common security issues involved in using unsanitized 
input from untrusted sources..."

----------
nosy: +r.david.murray, rhettinger

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21557>
_______________________________________
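
Added example, not part of the tracker message or of the Python documentation: the difference the comment's suggested wording points at, shown by running the same constructed untrusted string through a shell command line and through an argument list with shell=False. It assumes a POSIX /bin/sh; the function names and the sample input are made up for illustration, and the shlex.quote variant is an addition for the case where a shell cannot be avoided.

```python
import shlex
import subprocess
import sys

# Constructed sample input: a "filename" that carries a shell metacharacter.
UNTRUSTED = "report.txt; echo INJECTED"


def _run(cmd, shell):
    """Run cmd and return its stdout as a list of lines."""
    proc = subprocess.Popen(cmd, shell=shell, stdout=subprocess.PIPE,
                            universal_newlines=True)
    out, _ = proc.communicate()
    return out.splitlines()


def run_with_shell(name):
    """'Before' form: input concatenated into a string the shell parses.

    The ';' ends the first command, so the shell runs a second one.
    """
    return _run("echo listing " + name, shell=True)


def run_without_shell(name):
    """Argument list with shell=False: no shell parses the input.

    The child receives the whole string as a single argv entry.
    """
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", name]
    return _run(child, shell=False)


def run_with_shell_quoted(name):
    """If a shell is unavoidable, quote the input with shlex.quote first."""
    return _run("echo listing " + shlex.quote(name), shell=True)


if __name__ == "__main__":
    print("shell=True         :", run_with_shell(UNTRUSTED))
    print("shell=False        :", run_without_shell(UNTRUSTED))
    print("shell=True + quote :", run_with_shell_quoted(UNTRUSTED))
```
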