On Wed, 11 May 2016 at 04:35 Thomas Heller <theller@ctypes.org> wrote:
Am 10.05.2016 um 19:39 schrieb Brett Cannon:
On Tue, 10 May 2016 at 01:18 Martin Panter <vadmium+py@gmail.com <mailto:vadmium%2Bpy@gmail.com>> wrote:
I am working on <https://bugs.python.org/issue22636>, to fix shell injection problems with ctypes.util.find_library(). The proposal for Python 3 is to change os.popen(shell-script) calls to use subprocess.Popen().
However the Python 2.7 version of the module has a comment which says “This file should be kept compatible with Python 2.3, see PEP 291.” Looking at <https://www.python.org/dev/peps/pep-0291/>, it is not clear why we have to maintain this compatibility. My best guess is that there may be an external ctypes package that people want(ed) to keep compatible with 2.3, and also keep synchronized with 2.7.
That's correct and the maintainer is/was Thomas Heller who I have cc'ed to see if he's okay with lifting the restriction.
For me it is totally ok to lift this restriction.
Great! I'll also update PEP 291.