11 Jun
2014
11 Jun
'14
9 p.m.
On Thu, Jun 12, 2014 at 2:00 AM, R. David Murray <rdmurray@bitdance.com> wrote:
Also notice that using a list with shell=True is using the API incorrectly. It wouldn't even work on Linux, so that torpedoes the cross-platform concern already :)
This kind of confusion is why I opened http://bugs.python.org/issue7839.
I thought exactly about that. Usually separate arguments are used to avoid problems with escaping of quotes and other stuff. I'd deprecate subprocess and split it into separate modules. One is about shell execution and another one is for secure process control. shell execution module then could build on top of process control and be insecure by design.