Message146148
Initially, because I was suggesting the names shadow the subprocess convenience functions so they *had* to live in a different namespace.
However, even after changing the names to explicitly include "shell", I'd like to keep them away from the general subprocess functionality - these wrappers are more convenient for shell operations than the subprocess ones, but it's that very convenience that makes them potentially dangerous in larger applications that may be interpolating data that untrusted users can manipulate.
Since the intended audience is system administrators working on shell-like operations, the shell utility module seems like an appropriate place for them. Both the "import shutil" and the "shell" in the names would then serve as red flags on a code review or security audit. |
|
Date |
User |
Action |
Args |
2011-10-21 23:02:54 | ncoghlan | set | recipients:
+ ncoghlan, eric.araujo, alex, cvrebert |
2011-10-21 23:02:54 | ncoghlan | set | messageid: <1319238174.2.0.638946122219.issue13238@psf.upfronthosting.co.za> |
2011-10-21 23:02:53 | ncoghlan | link | issue13238 messages |
2011-10-21 23:02:53 | ncoghlan | create | |
|