On 5-11-2016 19:08, eryk sun wrote: > On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong <irmen.nos...@xs4all.nl> wrote: >> I think perhaps we should have a command line option / environment variable >> to be able >> to disable 'eval' altogether.... > > I don't think that's practical. exec and eval are commonly used by > shells and IDEs such as IDLE and IPython. In the standard library, > importlib and namedtuple are two important users of exec. Just try > `import builtins; del builtins.exec, builtins.eval`. >
Perhaps. But in those cases you could just leave things on the default. If you choose to run the interpreter with eval (and exec) disabled, you should be aware that you'll break tools like that. But for other situations (web server etc) it could still be useful? I do agree that not being able to use namedtuple (and perhaps other things from the stdlib) is a problem then. It was just a thought Irmen -- https://mail.python.org/mailman/listinfo/python-list
