[Python-ideas] [Python-Dev] If you shadow a module in the standard library that IDLE depends on, bad things happen
Steven D'Aprano
steve at pearwood.info
Sun Nov 1 06:44:03 EST 2015
On Sun, Nov 01, 2015 at 08:41:03AM +0200, Serhiy Storchaka wrote:
> On 01.11.15 08:06, Steven D'Aprano wrote:
[...]
> >Scripts which deliberately or unintentionally shadow installed packages
> >will break from this change. I don't have a problem with this. You can't
> >fix harmful behaviour without breaking code that depends on that harmful
> >behaviour. Additionally, I expect that those who rely on the current
> >behaviour will be in a small minority, much fewer than those who will be
> >bitten by accidental shadowing into the indefinite future.
>
> Unfortunately this is not such small minority
>
> https://code.openhub.net/search?s=%22sys.path.pop(0)%22&p=0
The search results contain MANY duplicates. For example, in the first
ten results, there are three duplicates of "common.py" from "kongove's
autotest", and two duplicates of "common.py" from "Chromium OS".
The first hit does:
sys.path.insert(0, path.dirname(__file__))
import objects
from objects import constants
sys.path.pop(0)
which seems to be a very common pattern: insert something into the start
of the path, then pop it out later. That's harmless, and won't be
effected by shifting where "" in inserted. So I think that this search
is not a good test for code that will be effected.
Besides, anyone who unconditionally pops the first item from sys.path is
already on shakey ground. You should not assume that the first item will
always be "", since it may have been changed before your code runs, e.g.
by the PYTHONSTARTUP file, usercustomize, etc. Now, we shouldn't break
people's code for no good reason, not even it it is already broken, but
we have a good reason: having "" at the start of sys.path breaks code
that inadvertently shadows other modules.
(And it may even be a security risk.)
--
Steve
More information about the Python-ideas
mailing list