Larry Hastings added the comment: I want to ship something, but I don't think it'll be either of those patches in their current form.
Maybe I'm dense, but I don't feel like I understand these patches. They have very different approaches. The first one attempts to rehabilitate the patch by running the browser directly instead of using "start"? Do the features added in issue 8232 still work? The second one just backs out the feature completely? The features added in issue 8232 are gone? And both patches switch from using subprocess.call(shell=True) to os.startfile(), which is the security hole David is talking about, which isn't actually what this bug is about. Do both patches fix the erroneous behavior observed by the original bug report, with "&" being interpreted as a shell command separator? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25005> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
