Message314025
Whoa, wait, what?
I agree that the original post is not as diplomatic as it could be, but my reaction to learning about this just now is also shock and confusion, so I guess I can sympathize with the OP a bit...
The reason I'm surprised is that -- while this probably wasn't fully anticipated when -m was designed -- it's turned out to be a bit of a meme to replace calls like 'pip ...' with 'python -m pip ...', or 'virtualenv ...' with 'python -m virtualenv ...', etc. I thought these were generally pretty much equivalent. I definitely did *not* know that running 'python -m pip' could lead to executing arbitrary code from the cwd, and I'm sure I've run it inside e.g. random git checkouts. If someone had tried to spearphish me with this they would totally have succeeded. (I hope they haven't?)
If you want to run a file in the current directory, is there any advantage to doing 'python -m myscript' instead of 'python myscript.py'? Could we declare that the latter is the One Obvious Way and remove support for the former entirely? |
|
Date |
User |
Action |
Args |
2018-03-18 06:19:42 | njs | set | recipients:
+ njs, ncoghlan, jwilk, ztane |
2018-03-18 06:19:42 | njs | set | messageid: <1521353982.38.0.467229070634.issue33053@psf.upfronthosting.co.za> |
2018-03-18 06:19:42 | njs | link | issue33053 messages |
2018-03-18 06:19:41 | njs | create | |
|