On Thu, Jun 12, 2014 at 2:00 AM, R. David Murray <rdmurray@bitdance.com> wrote:

Also notice that using a list with shell=True is using the API
incorrectly. It wouldn't even work on Linux, so that torpedoes
the cross-platform concern already :)

This kind of confusion is why I opened http://bugs.python.org/issue7839.

I thought exactly about that. Usually separate arguments are used to avoid

problems with escaping of quotes and other stuff.

I'd deprecate subprocess and split it into separate modules. One is about

shell execution and another one is for secure process control.

shell execution module then could build on top of process control and be

insecure by design.