[Python-Dev] Direction of PyChecker
Just van Rossum
Sat, 11 Aug 2001 10:17:31 +0200
A couple of days ago, Guido wrote:
> I would like PyChecker to use a fundamentally different way of
> scanning modules. I believe that it currently imports the module and
> then scans the module's __dict__ for classes and functions, and
> analyses their bytecode. That's fragile, dangerous (if you don't know
> what a module does you may not want to import it), [ ... ]
[Off topic] The same seems to be true for pydoc in http-serving mode.
It just imports any .py on sys.path, when doco is requested for it.
Although pydoc is *really* cool, this aspect scares me a bit...
(I guess if the port pydoc is listening to is visible from the outside
world, it better run as a user with very limited permissions, right?)
(Hm, that makes me think that it may be a good practice to name scripts
that are not supposed to be imported so that they *can't* be imported?)