On Thu, Oct 25, 2012 at 10:56:05AM -0400, Barry Warsaw wrote: > This doesn't requires a mass freakout, but it might be useful for a mass bug > filing (of non-urgent priority, I think). I don't have time before UDS-R to > look into that, so I at least wanted to send this email to put it on the > radar. Here is what the switches do (from python -h):
> -E : ignore PYTHON* environment variables (such as PYTHONPATH) > -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE > Using -E fixed the immediate bug, but I think it is generally useful to > include -s also, so as to avoid any potential breakage of system scripts by > things users may have added locally. If there's consensus that this should be dealt with in the packages, best would be to update the tooling (IIRC dh_python* already have some support for shebang rewrites?) and add a lintian warning, foregoing any mass bug filing. But like Jakub I'm not sure this actually warrants proactive effort on our part, because the only instance of this we've seen so far can be attributed to a misbehaving third-party app tainting the environment. Yes, it's reasonable to work around that one known case, but why spend any effort on this problem unless and until we see a pattern of such abuse (where "a pattern" is N>1)? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature