Message199350
Nothing stops us from have a post-mortem discussion on a closed issue :)
The rationale for only doing the check for .netrc is that that is backward-compatibility-wise fairly safe, because other tools will already be insisting on the same security. But for arbitrary files being parsed for arbitrary purposes by python-based tools, suddenly throwing an error if there is a password in the file could easily break things.
This doesn't necessarily prevent us from making the security even more strict in 3.4, but that is a more complex discussion (involving what purposes netrc-on-other-than-.netrc is used for in the real world), and should be a separate issue in this tracker, if you want to raise the proposal. |
|
Date |
User |
Action |
Args |
2013-10-09 21:55:33 | r.david.murray | set | recipients:
+ r.david.murray, barry, georg.brandl, larry, giampaolo.rodola, benjamin.peterson, Arfrever, python-dev, bruno.Piguet |
2013-10-09 21:55:33 | r.david.murray | set | messageid: <1381355733.5.0.489058661739.issue14984@psf.upfronthosting.co.za> |
2013-10-09 21:55:33 | r.david.murray | link | issue14984 messages |
2013-10-09 21:55:33 | r.david.murray | create | |
|