On 03Jun2021 17:06, Bernat Gabor
On Thu, Jun 3, 2021 at 5:05 PM Larry Hastings
wrote: On 6/3/21 4:20 AM, Chris Johns wrote: Might be out of context here, but IMHO "." shouldn't be assumed to be the current directory anyway.
As someone who has ported python to a system where it isn't, these assumptions tend to cause problems.
That sounds miserable. What does "." signify on such a system, if not the current directory?
The only other thing that would make sense is a folder in the current working directory named ".", not?
I can't speak for Chris Johns, and we're off topic for this thread.
That said, I dislike "." in sys.path, particularly near the front. In
fact my own "invoke this module's main" wrapper scripts strip it out. I
remain personally of the opinion that it is a security nightmare, making
imports _subject_ to the current directory (which might be anywhere,
include a directory owned by a hostile user). So i dislike it as a
default.
I know Robin becker is testing specific behaviour - I don't oppose being
_able_ to put "." in sys.path (though I think a concrete absolute path
is a saner choice).
So for Bernat and Larry: not systems where "." doesn't mean the working
directory, but definitely in situations where you want a more secure
loading of modules (i.e. only from where I expect, not destabilised by a
cd).
Cheers,
Cameron Simpson