On 30/03/2021 19.01, Barry Warsaw wrote:
Thank you for your submission of PEP 648 (Extensible customizations of the interpreter at startup). The Python Steering Council has reviewed the PEP and before we can pronounce on it, we have some additional questions and comments we’d like you to address. Once these questions are settled, we are requesting that you post the PEP to python-dev for another round of comments.
could you please include a security analysis of the feature, too? I would like to avoid new ways to exploit Python.
In particular I don't think that -S (no site module) is the right way to disable __sitecustomize__. It disables too much useful features. It might be a good idea to disable __sitecustomize__ with -I (isolated mode).
There should be a new audit event, too.