[Python-Dev] PEP 338 vs PEP 328 - a limitation of the -m switch

Guido van Rossum guido at python.org
Sun Jun 18 23:49:48 CEST 2006

On 6/18/06, Phillip J. Eby <pje at telecommunity.com> wrote:
> >You have a point about sys.path[0] being special. It could be the
> >current directory instead of the package directory.
> Mightn't that be a security risk, in that it introduces an import hole for
> secure scripts run with -m?  Not that I know of any such scripts existing
> as yet...

That sounds like an invented use case if I ever heard of one. YAGNI, please!

> If it's not the package directory, perhaps it could be a copy of whatever
> sys.path entry the package was found under - that wouldn't do anything but
> make "nearby" imports faster.

But it could theoretically affect search order for other modules. I
still see nothing wrong with "". After all that's also the default if
you run a script using python <path/to/file.py .

--Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-Dev mailing list