[Python-ideas] [Python-Dev] subprocess not escaping "^" on Windows

Steve Barnes gadgetsteve at live.co.uk
Mon Jan 8 01:46:59 EST 2018

Reacting to:

>> No, I cannot. I just thought of a way to keep users from using
>> "shell=True". I *think* they do it after they experience that
>> "del" for instance is not found. They conclude "ah, I need the
>> shell", which is not true.
> Even putting aside the fact this is pure conjecture, the kind of people 
> who make decisions like this will find a zillion more ways to shoot 
> themselves in the foot. They don't need a cleaner syntax, they need to 
> learn the basics of programming in a high-level language to understand 
> how it's different from programming in the shell. In particular, why 
> spawning a subprocess for something covered by a library function is a 
> bad idea.
>> So whatever you come up with, the effect should be that people
>> no longer use the shell. THATs what I want, after bad experience with
>> non-escaped "^" in a regex, that caused some really weird result.

How about starting off with marking all use of "shell=True" as 
deprecated and then replacing the parameter with "risky_shell=True" or 
having no such parameter and adding "risky_" or "dangerous_" wrappers 
for all items that currently have the "shell=True" option.

This would at least highlight that the developer is performing a risky 
operation, to me a part of the problem is that "shell=True" sounds 
innocuous so it is rarely picked up as a potential problem.

I do quite like the idea of having a "with_path=True|False" option or 
maybe a "use_path=" that defaults to sys.path for all of the subprocess 
functions that would allow a little more control over the execution 

Steve (Gadget) Barnes
Any opinions in this message are my personal opinions and do not reflect 
those of my employer.

More information about the Python-ideas mailing list