This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author barry
Recipients Anthony Sottile, Chris Billington, Ivan.Pozdeev, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ethan smith, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky
Date 2019-02-26.18:09:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <0A95210B-C817-40BD-9086-216B00CEFC25@python.org>
In-reply-to <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org>
Content 
On Feb 26, 2019, at 05:19, Nick Coghlan <report@bugs.python.org> wrote:
> 
> I just don't want to lose the "add this location to sys.path" behaviour that exists for lines in pth files that *don't* start with "import ", since that has plenty of legitimate use cases, and the only downside of overusing it is an excessively long default sys.path (which has far more consistent and obvious symptoms than the arbitrary code execution case can lead to).

It’s also very difficult to debug because pth loading usually happens before the user has a chance to intervene with a debugger.  This means mysterious things can happen, like different versions of a package getting imported than you expect.

Extending sys.path is a useful use case, but doing so in pth files is problematic.
History
Date User Action Args
2019-02-26 18:09:08barrysetrecipients: + barry, mhammond, brett.cannon, terry.reedy, jaraco, ncoghlan, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, Anthony Sottile, ethan smith, cheryl.sabella, Chris Billington
2019-02-26 18:09:08barrylinkissue33944 messages
2019-02-26 18:09:08barrycreate