[Python-3000] Radical idea: remove built-in open (requireimport io)

Guido van Rossum guido at python.org
Fri May 18 18:44:54 CEST 2007

On 5/18/07, Robert Brewer <fumanchu at amor.org> wrote:
> Guido van Rossum wrote:
> > Do people think it would be too radical if the built-in open()
> > function was removed altogether, requiring all code that opens files
> > to import the io module first? This would make it easier to identify
> > modules that engage in I/O.
> I must be dense, because I don't see how the proposal "makes it easier
> to identify modules that engage in I/O". Who's supposed to be doing the
> identification and when? And how will it not be fooled by __import__ and
> plain 'ol cross-module references?

I wasn't thinking of this from a security POV -- more from the
perspective of trying to understand roughly what a module does.
Looking at the imports is often a good place to start. If you see it
importing socket, that's kind of a hint that it might need the
network. If you see it importing io or os, that would be a similar
hint that it might access the filesystem. Of course, if you see it
import some other module you will have to understand what that module
does (or put it on your stack for later), and so on.

--Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-3000 mailing list