On Wed, Aug 5, 2020, 11:46 PM 杭媛 <amberbab...@gmail.com> wrote: > Strongly approve! Is there any update on this problem? > > 在 2014年3月4日星期二 UTC+8下午10:09:21,Dan Harasty写道: >> >> I'm new to Sphinx, but a seasoned Python programmer. I'm working through >> the Sphinx tutorials, and I may have by sheer luck barely avoided a >> disaster. Please: someone tell me if I'm being over dramatic, and calm >> this Sphinx-noob down. >> >> I'm so new, I'm not even really sure which part of Sphinx calls which, >> and which is exhibiting the [what I consider] extremely dangerous behavior: >> sphinx-build? sphinx-apidoc? make? So in my ignorance, I'll just attribute >> all to sphinx-build. >> >> It seems that sphinx-build imports every Python file it finds in the >> directory it is pointed to. But of course, it can't distinguish a true >> "module" >> (reusable code that performs no side-effects until functions are invoked) >> from a "script" (code invoke to do something). It can't do this because >> that distinction is purely in the developer's head, not in Python or Python >> files themselves. >> >> Therein is -- what I consider -- the extreme danger. In our system, we >> occasionally have maintenance scripts sitting in the directories with the >> modules. Script that do minor stuff like, oh, delete important system >> logs, kick off long-running (multi-hour) table generation routines, or >> alter production tables, or even drop entire databases. >> >> Imagine my panic when running sphinx-build for the first time, and I >> realize by the output that EVERYTHING is being imported... which means >> everything is being executed. Did I leave any scripts in a state where >> they are deleting important files or dropping databases? Are any of those >> configured to execute against our production system??? >> >> Apparently, by sheer luck, no script was configured so as to produce an >> irrecoverable side effect, and I think my system escaped unscathed. >> >> But it could easily have happened. >> >> Once my blood pressure returned to normal and my panic subsided, I went >> back to the tutorial docs, looking for an explanation that ALL files would >> actually be imported/executed. I didn't see that. I looked for a warning: >> "if any of your modules or scripts in the tree perform side effects, put >> all that code in an "if __name___=='__main__'" block, or put >> "::sphinx-ignore-this-file" as a comment somewhere in the file.". I didn't >> see that. >> >> Did I miss that? >> >> Has anyone considered how dangerous it is to execute EVERY PYTHON FILE in >> a large directory without proper warning (from Sphinx) and thorough code >> review (by the developer)? >> >> I guess I expected Sphinx would do its work by a simple lexical analysis >> of the Python files... and not actually import/execute them. I admit: the >> docs (the tutorials that I've read so far) don't SAY that. But they also >> don't say "all will be imported/executed"... which should be a VERY BIG >> caveat/warning in the tutorials. >> >> I love how the Sphinx docs look, and I'd like to use the system for my >> project and my team... But I need to have a rock solid way to make sure >> that the documentation build doesn't start trashing my operational system >> by executing scripts that had no intention of running or even have anything >> useful to be documented in them. >> >> >> -- > You received this message because you are subscribed to the Google Groups > "sphinx-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sphinx-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/sphinx-users/351bd2a2-2229-41af-9404-f5f7439a6af6o%40googlegroups.com > <https://groups.google.com/d/msgid/sphinx-users/351bd2a2-2229-41af-9404-f5f7439a6af6o%40googlegroups.com?utm_medium=email&utm_source=footer> > . >
-- You received this message because you are subscribed to the Google Groups "sphinx-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sphinx-users/CAELGjd9SdbA7z3z%2B%3D652uux%2BdzSfkAqz01bY%3DnnXeN%3DYPon8AA%40mail.gmail.com.
