[Distutils] Finally making distlib handle spaces

Paul Moore p.f.moore at gmail.com
Sat May 20 15:59:26 EDT 2017

On 20 May 2017 at 15:45, Radon Rosborough <radon.neon at gmail.com> wrote:
> ===================================
> Justifications and counterarguments
> ===================================

While you make a good case countering the issues you quote, I think
there's an important issue you haven't addressed, and I'd like to hear
your comments on it:

The current behaviour fails, as you note, but it does so in a
"standard" way - shebang behaviour (and its limitations) is
well-known. At the moment, your proposal is just to use "an
alternative" launch process. Without a specific proposal, it's
impossible to judge whether the solution is better than the current
situation. And indeed, any proposed solution needs to demonstrate that
it doesn't have security vulnerabilities or other issues that make it
just as much a problem as the status quo (if not more).

For example, I would have thought that "#!/usr/bin/env sh" runs the
risk of picking up a malicious sh executable injected into the user's
PATH. Also, different systems use different sh implementations - so
care would need to be taken to only code in the lowest common
denominator syntax.

I suggest that the next step needs to be to propose a specific
implementation of the wrapper. The specifics can then be debated, but
you'd need a pretty solid proposal - otherwise the discussion will
descend into multiple proposals and bikeshedding, and is likely to
stall without achieving anything.

One other point, which I'd hope is obvious. On Windows (where shebang
processing is handled by the wrapper exe, and is well defined and
robust) there should be no change to the current behaviour.


More information about the Distutils-SIG mailing list