[Python-3000] external dependencies (PEP 3131)
Jim Jewett
jimjjewett at gmail.com
Tue Jun 12 23:46:32 CEST 2007
On 6/11/07, Michael Urman <murman at gmail.com> wrote:
> I can't agree with this. The predictability of needing only to
> duplicate dependencies (version of python, modules) to ensure a
> program that ran over there will run over here (and vice versa) is too
> important to me.
This provides almost an exact analogy for locally allowed additional
scripts (scripts=writing systems, not .py files).
Your cherished assumption may already be false, depending on what is
in sitecustomize. sitecustomize is imported by site.py; it is not
overwritten by a new install; it can do arbitrary things.
In theory, you need to add sitecustomize to your list of dependencies.
In practice, it almost never exists, let alone does anything. But
you could use it if you wanted to...
By exact analogy:
In theory, you need to pre-authorize the characters used in your
identifiers, just as you have to set up your sitecustomize.
In practice, you generally won't need to change anything because ASCII
is enough. (Or if not, there will be a standard distribution for your
language community that already adds what you actually use.)
But if your local community does start using Tengwar, you are free to
add that too.
This script-permission file can last across installations, just like
sitecustomize does. And to be honest, from my perspective, a fine
spelling would be to just add it right to sitecustomize, perhaps as:
__allow_id_chars__("Kanji")
__allow_id_chars__("0x1043..0x1059")
__allow_id_chars__ should be restricted in Brett's security-conscious
build, but I think it is OK to expose it to normal python. If a
strange file does
__allow_id_chars__("0x1043")
up near the import block, that provides about the same level of
warning as use of "__builtin__", or "import *".
(That is, less warning than I would ideally prefer, but probably
enough to prevent *accidental* charset confusion.)
-jJ
More information about the Python-3000
mailing list