[Tutor] [Python-ideas] import imports

A.T.Hofkamp a.t.hofkamp at tue.nl
Tue Jan 27 12:23:13 CET 2009

Hai Denis,

spir wrote:
> "Secure import" means that I, as client of the imported module, know that
this module defines __all__. I can then safely import all. I can even
precisely know which names are defined simply by reading __all__. The common
practice of defining __all__ on top of a module help in that, too. So that
there is no name collision (or rather no more than may happen inside a module
when not paying enough attention to naming.)

There is no such thing as 'secure import *' imho.

The assumption that you make here is that you as client of a library have 
control over which version of the library is being used in your application.

That assumption does not hold in the general case.

Suppose you checked that __all__ of a library does not cause problems in your 
application. You do "import *", and distribute and use your application. It is 
a big hit, you get thousands of users.

The library authors modify and extend their library, taking good care about 
backwards compability, and adding new names for theie new functionality to 
their __all__.

Users blindly rely on package managers, or want to use bleeding edge 
libraries. They install the newest library (with enough users, you always get 
a set of library versions that users use with your application), which is by 
word of the author, backwards compatible.

However, your import * pulls in the new __all__ names, which may cause new and 
unexpected name clashes, throwing your 'secure' out of the window in the process.

I have started to believe that 'import *' should be removed from the language; 
it is way to easy to make fatal mistakes with it.


More information about the Tutor mailing list