This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients brett.cannon, christian.heimes, ncoghlan, steve.dower, vstinner
Date 2017-12-15.13:53:23
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1513346003.59.0.213398074469.issue32324@psf.upfronthosting.co.za>
In-reply-to
Content 
> Since the directory is where the code that is being executed exists don't you have to implicitly trust that directory is secure? Otherwise how can you even trust the code you're choosing to execute?

The question is if the following example must work with -I:

---
vstinner@apu$ mkdir directory
vstinner@apu$ echo "import submodule" > directory/__main__.py
vstinner@apu$ echo 'print("submodule", __file__)' > directory/submodule.py

vstinner@apu$ python3 directory
submodule directory/submodule.py

vstinner@apu$ python3 -I directory
submodule directory/submodule.py
---

Do you expect that "python3 directory" allows imports from directory/?

The second question is if directory must be prepended to sys.path (start), or if it must be appended to sys.path (end)?

Prepend allows to override stdlib imports, whereas append risks of conflicts with others paths in sys.path and so loading the "wrong" submodule.

For example, I still expect to run __main__ from directory in the following example:

---
vstinner@apu$ mkdir other
vstinner@apu$ echo "print('other main')" > other/__main__.py
vstinner@apu$ PYTHONPATH=other python3 directory
submodule directory/submodule.py
---
History
Date User Action Args
2017-12-15 13:53:23vstinnersetrecipients: + vstinner, brett.cannon, ncoghlan, christian.heimes, steve.dower
2017-12-15 13:53:23vstinnersetmessageid: <1513346003.59.0.213398074469.issue32324@psf.upfronthosting.co.za>
2017-12-15 13:53:23vstinnerlinkissue32324 messages
2017-12-15 13:53:23vstinnercreate