On Oct 25, 2012, at 11:18 AM, Steve Langasek wrote: >On Thu, Oct 25, 2012 at 10:56:05AM -0400, Barry Warsaw wrote: >> This doesn't requires a mass freakout, but it might be useful for a mass bug >> filing (of non-urgent priority, I think). I don't have time before UDS-R to >> look into that, so I at least wanted to send this email to put it on the >> radar. Here is what the switches do (from python -h): > >> -E : ignore PYTHON* environment variables (such as PYTHONPATH) >> -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE > >> Using -E fixed the immediate bug, but I think it is generally useful to >> include -s also, so as to avoid any potential breakage of system scripts by >> things users may have added locally. > >If there's consensus that this should be dealt with in the packages, best >would be to update the tooling (IIRC dh_python* already have some support >for shebang rewrites?) and add a lintian warning, foregoing any mass bug >filing. > >But like Jakub I'm not sure this actually warrants proactive effort on our >part, because the only instance of this we've seen so far can be attributed >to a misbehaving third-party app tainting the environment. Yes, it's >reasonable to work around that one known case, but why spend any effort on >this problem unless and until we see a pattern of such abuse (where "a >pattern" is N>1)?
I do believe dh_python* rewrites shebang lines already, so adding this there is probably both easy, and appropriate (with a --disable flag of course). I agree it's not worth worrying about unless we see a pattern of breakage. (OTOH, if it's easy enough to add and you happen to be mucking about in this area already... :). -Barry
signature.asc
Description: PGP signature