This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author minrk
Recipients minrk
Date 2015-06-29.19:30:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
.pth files currently allow execution of arbitrary code, triggered by lines starting with `import`. This is a rarely understood, and often misbehaving feature. easy_install has used this feature to ensure that its packages are highest priority (even higher than stdlib). This is one of the unfortunate behaviors that pip undoes from easy_install, in part due to the problems it can cause. There is currently a proposal in setuptools to stop using this, even for easy_install.

The attached patch removes support for executing code in .pth files, throwing an ImportWarning if any such attempts at import are seen.

General question that might result in rejecting this patch:

Are there any good/valid use cases for .pth files being able to execute arbitrary code at interpreter start time?

If this is accepted, some implementation questions:

1. if the feature is removed in 3.6, should a DeprecationWarning be added to 3.5?
2. Is ImportWarning the right warning class (or should there even be a warning)?
Date User Action Args
2015-06-29 19:30:39minrksetrecipients: + minrk
2015-06-29 19:30:39minrksetmessageid: <>
2015-06-29 19:30:39minrklinkissue24534 messages
2015-06-29 19:30:38minrkcreate