On 11. 05. 22 15:27, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/PythonSafePath
== Summary ==
The [https://docs.python.org/3.11/using/cmdline.html#cmdoption-P `-P`
flag] will be added to the Python shebang macros
(`%{py3_shbang_opts}`, `%{py3_shebang_flags}`, ...). Packages that
ad
Changing the default in Python was discussed multiple times over the
last 20 years. Every time, it was said that it's convenient and it's
not worth it to break use cases to increase the default security.
Python 3.4 already has -I (isolated mode) which imply Python 3.11 -P
option, but it also impli
Dne 11. 05. 22 v 20:45 Chris Adams napsal(a):
Once upon a time, Zbigniew Jędrzejewski-Szmek said:
Yeah, I agree. I think Python upstream should own up to the fact that
adding '.' to sys.path was always a mistake.
Yeah, perl bit that bullet a while ago now, dropping '.' from @INC.
It's really
On 11. 05. 22 18:37, Daniel P. Berrangé wrote:
On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote:
Ben Cotton writes:
:Don’t prepend a potentially unsafe path to `sys.path`:
If this is a safety/security issue, why not just make it the default for
python itself?
I presume that
On 11. 05. 22 16:24, Robbie Harwood wrote:
Ben Cotton writes:
:Don’t prepend a potentially unsafe path to `sys.path`:
If this is a safety/security issue, why not just make it the default for
python itself?
I would like that, but -P is what we have now. If we pioneer this in Fedora,
maybe
Once upon a time, Zbigniew Jędrzejewski-Szmek said:
> Yeah, I agree. I think Python upstream should own up to the fact that
> adding '.' to sys.path was always a mistake.
Yeah, perl bit that bullet a while ago now, dropping '.' from @INC.
It's really the only sane default.
--
Chris Adams
__
On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote:
> Ben Cotton writes:
>
> > :Don’t prepend a potentially unsafe path to `sys.path`:
>
> If this is a safety/security issue, why not just make it the default for
> python itself?
I presume that approach is considered too disruptive t
> On 11 May 2022, at 15:25, Robbie Harwood wrote:
>
> Ben Cotton writes:
>
>> :Don’t prepend a potentially unsafe path to `sys.path`:
>
> If this is a safety/security issue, why not just make it the default for
> python itself?
It will break normal user use of python.
There is an expectat
On Wed, May 11, 2022 at 10:24:17AM -0400, Robbie Harwood wrote:
> Ben Cotton writes:
>
> > :Don’t prepend a potentially unsafe path to `sys.path`:
>
> If this is a safety/security issue, why not just make it the default for
> python itself?
Yeah, I agree. I think Python upstream should own up t
Ben Cotton writes:
> :Don’t prepend a potentially unsafe path to `sys.path`:
If this is a safety/security issue, why not just make it the default for
python itself?
Be well,
--Robbie
signature.asc
Description: PGP signature
___
devel mailing list --
https://fedoraproject.org/wiki/Changes/PythonSafePath
== Summary ==
The [https://docs.python.org/3.11/using/cmdline.html#cmdoption-P `-P`
flag] will be added to the Python shebang macros
(`%{py3_shbang_opts}`, `%{py3_shebang_flags}`, ...). Packages that
adhere to those macros will change their Pyt
11 matches
Mail list logo