Message 232093 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	r.david.murray
Recipients	cvrebert, demian.brecht, docs@python, r.david.murray, rhettinger
Date	2014-12-03.21:32:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1417642345.9.0.793059048881.issue21557@psf.upfronthosting.co.za>
In-reply-to

Content
Since Raymond is the person who tends to object most strongly to warning boxes in the docs, let's get his opinion on this. I'm not sure that the warning box is necessary, the text may be sufficient. On the other hand, this is a significant insecurity vector. As far as the text goes, I'd combine the two paragraphs and introduce the text from the second one with "Alternatively, ...". And if it isn't a warning box, the the language should be refocused to be positive: "Use the Popen module with shell=False to avoid the common security issues involved in using unsanitized input from untrusted sources..."

Since Raymond is the person who tends to object most strongly to warning boxes in the docs, let's get his opinion on this.  I'm not sure that the warning box is necessary, the text may be sufficient.  On the other hand, this *is* a significant insecurity vector.

As far as the text goes, I'd combine the two paragraphs and introduce the text from the second one with "Alternatively, ...".  And if it isn't a warning box, the the language should be refocused to be positive: "Use the Popen module with shell=False to avoid the common security issues involved in using unsanitized input from untrusted sources..."

History
Date	User	Action	Args
2014-12-03 21:32:25	r.david.murray	set	recipients: + r.david.murray, rhettinger, cvrebert, docs@python, demian.brecht
2014-12-03 21:32:25	r.david.murray	set	messageid: <1417642345.9.0.793059048881.issue21557@psf.upfronthosting.co.za>
2014-12-03 21:32:25	r.david.murray	link	issue21557 messages
2014-12-03 21:32:25	r.david.murray	create