This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author r.david.murray
Recipients Arfrever, barry, benjamin.peterson, bruno.Piguet, georg.brandl, giampaolo.rodola, larry, python-dev, r.david.murray
Date 2013-10-09.21:55:33
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1381355733.5.0.489058661739.issue14984@psf.upfronthosting.co.za>
In-reply-to
Content
Nothing stops us from have a post-mortem discussion on a closed issue :)

The rationale for only doing the check for .netrc is that that is backward-compatibility-wise fairly safe, because other tools will already be insisting on the same security.  But for arbitrary files being parsed for arbitrary purposes by python-based tools, suddenly throwing an error if there is a password in the file could easily break things.

This doesn't necessarily prevent us from making the security even more strict in 3.4, but that is a more complex discussion (involving what purposes netrc-on-other-than-.netrc is used for in the real world), and should be a separate issue in this tracker, if you want to raise the proposal.
History
Date User Action Args
2013-10-09 21:55:33r.david.murraysetrecipients: + r.david.murray, barry, georg.brandl, larry, giampaolo.rodola, benjamin.peterson, Arfrever, python-dev, bruno.Piguet
2013-10-09 21:55:33r.david.murraysetmessageid: <1381355733.5.0.489058661739.issue14984@psf.upfronthosting.co.za>
2013-10-09 21:55:33r.david.murraylinkissue14984 messages
2013-10-09 21:55:33r.david.murraycreate