The man page for Python (3.4 and 3.5) says:

-I Run Python in isolated mode. This also implies -E and -S. In
isolated mode sys.path contains neither the scripts directory
nor the users site-packages directory. All PYTHON* environment
variables are ignored, too. Further restrictions may be imposed
to prevent the user from injecting malicious code.

But the code says:

-I : isolate Python from the user's environment (implies -E and -s)

and the code to handle -I does:

    case 'I':
        Py_IsolatedFlag++;
        Py_NoUserSiteDirectory++;
        Py_IgnoreEnvironmentFlag++;
        break;

where Py_NoUserSiteDirectory is the variable corresponding to the -s flag
rather than the -S flag. But it seems like -I should really imply both
-s and -S. So I am filing this bug primarily to find out whether or not
it really should be both. If so, great: a patch is attached; details
below. But if not, then the man page should be corrected.

The rest of this is written under the assumption that -I should imply -S
as well as -s.

Background: depending on which packages are installed on different Solaris
systems, test_site passes or not. Certain packages (e.g., dogpile.core,
dogpile.cache, repoze.lru) that have a .pth file with "import types"
which results in test_site.StartupImportTests failing because types has
been imported which is in the list of collections modules, none of which
are expected to be imported. So we thought "well, -S should fix that"
then noticed the man page saying -I implied -S which is how we got here.

Tweaking the code and man page so -I does imply -S was trivial. But three
other changes were needed:

1. In test_site.py, test_startup_imports() asserted that 'site' was in the
   list of modules that had been imported. This is no longer true, so I
   deleted the assert.

2. test_inspect failed because of a name error, that turned out to be
   inspect.py calling exit instead of sys.exit. So the attached patch
   corrects both of those. This fix is probably generally applicable
   even if the "-I should imply both -S and -s" assumption turns out to
   be false.

3. test_venv failed because it and the venv module were using -I to imply
   -s and -E but not -S. Changing three instances of "-Im" to "-Esm"
   (one in Lib/venv/init.py, the other two in Lib/test/test_venv.py)
   fixed this. However, even if the "-I should imply both -S and -s"
   assumption is true, this change may not be desirable in the general
   case, but needed because of Solaris' hacky work-around for issue
   1298835 not yet being fixed.'

   I.e., we ship /usr/lib/python3.4/site-packages/vendor-packages.pth
   with the one line:
   import site; site.addsitedir('/usr/lib/python3.4/vendor-packages')
   (likewise for other versions).

   So this may not be desirable in general, but I mention it for the
   sake of completeness.

Adding Christian Heimes to the nosy list; as the author of the fix for
bpo-16499, he seems an excellent person to answer the question and
offer advice on the approaches discussed herein.

The isolated mode implies -E (ignore env vars) and -s (don't add user site directory). The code and tests are correct, just the man page is wrong. The site module is still loaded in -I mode as it doesn't impose any security implications.

I'd looks like I made a typo in dd0d751cc7f1 and used upper case instead of lower case for python.man.

Thank you very much for clarifying that. I have updated the bug Title
accordingly.

New changeset d774401879d8 by Ned Deily in branch '3.4':
Issue bpo-24077: Fix typo in man page for -I command option: -s, not -S.
https://hg.python.org/cpython/rev/d774401879d8

New changeset 493b3310d5d0 by Ned Deily in branch 'default':
Issue bpo-24077: merge from 3.4
https://hg.python.org/cpython/rev/493b3310d5d0

Thanks for the report, John!