subprocess module usage

Chris Angelico rosuav at
Mon Sep 1 10:59:45 CEST 2014

On Mon, Sep 1, 2014 at 6:46 PM, Cameron Simpson <cs at> wrote:
> Not really. If the arguments are coming in from the command line, someone (a
> user, even if that user is the programmer) typed them. Even if not
> malicious, they can still be mistaken. Or just unfortunate.

I'm guessing that what he means is that the example posted here used
sys.argv but his actual code doesn't. It's still important to
*understand* shell=True, but it can be perfectly safe to use it.


More information about the Python-list mailing list