Author larry
Recipients bhou, larry, paul.moore, r.david.murray, steve.dower, tim.golden, zach.ware
Date 2015-09-07.02:39:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1441593571.85.0.278659325804.issue25005@psf.upfronthosting.co.za>
In-reply-to
Content
I want to ship something, but I don't think it'll be either of those patches in their current form.

Maybe I'm dense, but I don't feel like I understand these patches.  They have very different approaches.

The first one attempts to rehabilitate the patch by running the browser directly instead of using "start"?  Do the features added in issue 8232 still work?

The second one just backs out the feature completely?  The features added in issue 8232 are gone?

And both patches switch from using subprocess.call(shell=True) to os.startfile(), which is the security hole David is talking about, which isn't actually what this bug is about.

Do both patches fix the erroneous behavior observed by the original bug report, with "&" being interpreted as a shell command separator?
History
Date User Action Args
2015-09-07 02:39:31larrysetrecipients: + larry, paul.moore, tim.golden, r.david.murray, zach.ware, steve.dower, bhou
2015-09-07 02:39:31larrysetmessageid: <1441593571.85.0.278659325804.issue25005@psf.upfronthosting.co.za>
2015-09-07 02:39:31larrylinkissue25005 messages
2015-09-07 02:39:30larrycreate