
Author benrg
Recipients benrg, paul.moore, pitrou, steve.dower, tim.golden, zach.ware
Date 2018-01-23.07:55:57
Message-id <1516694157.3.0.467229070634.issue32612@psf.upfronthosting.co.za>
Content
This bug is about paths that compare *equal*, but refer to *different* files. I agree that the opposite is not much of a problem (and I said so in the original comment).

The reason I classified this as a security bug is that Python scripts using pathlib on Windows could be vulnerable in certain cases to an attacker that can choose file names. For example, the order in which paths are added to a set or dict could affect which of two files is seen by the script. If different parts of the script add files in different orders - which would normally be safe - the result could be similar to a TOCTTOU race.

I don't disagree that "doing a good enough job of case folding is better than ignoring it." I just think that pathlib should not case-fold strings that Windows filesystems don't.
History
Date                 User   Action  Args
2018-01-23 07:55:57  benrg  set     recipients: + benrg, paul.moore, pitrou, tim.golden, zach.ware, steve.dower
2018-01-23 07:55:57  benrg  set     messageid: <1516694157.3.0.467229070634.issue32612@psf.upfronthosting.co.za>
2018-01-23 07:55:57  benrg  link    issue32612 messages
2018-01-23 07:55:57  benrg  create
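
An added illustration of the order dependence described in the message above; it is not code from the issue or from pathlib. `FoldedName` is a hypothetical stand-in that compares and hashes by `str.lower()` (an assumption about the kind of folding under discussion), the file names are constructed, and `ambiguous_groups` is one possible guard that flags names equal under that fold but different under an ASCII-only fold.

```python
# Added illustration; FoldedName and the sample names are constructed.
from collections import defaultdict

KELVIN = "\u212a"  # KELVIN SIGN; str.lower() maps it to ASCII "k"


class FoldedName:
    """Hypothetical stand-in for a path object that compares by str.lower()."""

    def __init__(self, name):
        self.name = name

    def __eq__(self, other):
        return isinstance(other, FoldedName) and self.name.lower() == other.name.lower()

    def __hash__(self):
        return hash(self.name.lower())


def seen_by_script(names):
    """Return the spellings that survive when names are collected in a set."""
    return sorted(p.name for p in {FoldedName(n) for n in names})


def ascii_fold(name):
    """Conservative key: fold A-Z only, leave every other code point alone."""
    return "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in name)


def ambiguous_groups(names):
    """Groups that are equal under str.lower() but not under the ASCII-only fold."""
    groups = defaultdict(set)
    for n in names:
        groups[n.lower()].add(n)
    return [sorted(g) for g in groups.values() if len({ascii_fold(n) for n in g}) > 1]


if __name__ == "__main__":
    a, b = "Key.txt", KELVIN + "ey.txt"  # constructed: ASCII K vs KELVIN SIGN
    # The same two names, inserted in opposite orders, leave different spellings.
    print(seen_by_script([a, b]), seen_by_script([b, a]))
    # Only the K / KELVIN SIGN pair is flagged; the README pair differs in ASCII case only.
    print(ambiguous_groups([a, b, "README.md", "readme.md"]))
```

A script that keys a set or dict on folded names can run a check like `ambiguous_groups` over a directory listing first and refuse to continue when it returns anything.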