On Thu, 17 Jan 2008 08:55:51 +0100, Christian Heimes <[EMAIL PROTECTED]> wrote: > >* Should the site package directory also be ignored if process > gid != effective gid?
If it should, I think the PEP should explain the attack this defends against in more detail. The current brief mention of "security issues" is a bit hand-wavey. For example, what is the relationship between security, this feature, and the PYTHONPATH environment variable? Isn't the attack of putting malicious code into a user site-packages directory the same as the attack of putting it into a directory in PYTHONPATH? Jean-Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
