[Python-Dev] PEP 338 vs PEP 328 - a limitation of the -m switch
Guido van Rossum
guido at python.org
Sun Jun 18 23:49:48 CEST 2006
On 6/18/06, Phillip J. Eby <pje at telecommunity.com> wrote:
> >You have a point about sys.path being special. It could be the
> >current directory instead of the package directory.
> Mightn't that be a security risk, in that it introduces an import hole for
> secure scripts run with -m? Not that I know of any such scripts existing
> as yet...
That sounds like an invented use case if I ever heard of one. YAGNI, please!
> If it's not the package directory, perhaps it could be a copy of whatever
> sys.path entry the package was found under - that wouldn't do anything but
> make "nearby" imports faster.
But it could theoretically affect search order for other modules. I
still see nothing wrong with "". After all that's also the default if
you run a script using python <path/to/file.py .
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev