On 03Jun2021 17:06, Bernat Gabor <jokerjoke...@gmail.com> wrote: >On Thu, Jun 3, 2021 at 5:05 PM Larry Hastings <la...@hastings.org> >wrote: >> On 6/3/21 4:20 AM, Chris Johns wrote: >> Might be out of context here, but IMHO "." shouldn't be assumed to be >> the current directory anyway. >> >> As someone who has ported python to a system where it isn't, these >> assumptions tend to cause problems. >> >> That sounds miserable. What does "." signify on such a system, if not the >> current directory? > >The only other thing that would make sense is a folder in the current >working directory named ".", not?
I can't speak for Chris Johns, and we're off topic for this thread. That said, I dislike "." in sys.path, particularly near the front. In fact my own "invoke this module's main" wrapper scripts strip it out. I remain personally of the opinion that it is a security nightmare, making imports _subject_ to the current directory (which might be anywhere, include a directory owned by a hostile user). So i dislike it as a default. I know Robin becker is testing specific behaviour - I don't oppose being _able_ to put "." in sys.path (though I think a concrete absolute path is a saner choice). So for Bernat and Larry: not systems where "." doesn't mean the working directory, but definitely in situations where you want a more secure loading of modules (i.e. only from where I expect, not destabilised by a cd). Cheers, Cameron Simpson <c...@cskk.id.au> _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/YMV4LUW5LYFKJYEIHVM5GTCC6POM6BYF/ Code of Conduct: http://python.org/psf/codeofconduct/
