Author qix-
Recipients Anthony Sottile, Chris Billington, Ethan Smith, Ivan.Pozdeev, Peter L3, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ionelmc, jaraco, mhammond, ncoghlan, nedbat, pitrou, qix-, steve.dower, takluyver, terry.reedy, veky, yan12125
Date 2019-08-27.10:13:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1566900825.09.0.687856835044.issue33944@roundup.psfhosted.org>
In-reply-to
Content
-1

This would make `better_exceptions` irreparably un-ergonomic.

https://github.com/qix-/better-exceptions

.PTH files are commonly used to install development middleware in order to enhance the development and debugging experience.

I recognize the need for security, but could we instead focus on improving the security of the existing .PTH system instead of throwing out the baby with the bathwater?

The search "pth files python virus|malicious" on Google returns this issue. Is .PTH a previously exploited vector? This is like saying NPM's `install` scripts are a vector. I'm not going to be running code that I don't at least trust a little.

This issue reads like someone had a bad time with some poorly written Python code that was stuck inside a .PTH file, had to debug why it was causing a problem, and came here to cry about it (no offense, Barry).

Instead of improving it, the first inclination was to remove it altogether without any regard to its use-cases or the effects it would have on some packages that rely on it.

Let's improve it, not kill it.
History
Date User Action Args
2019-08-27 10:13:45qix-setrecipients: + qix-, mhammond, barry, brett.cannon, terry.reedy, jaraco, ncoghlan, pitrou, eric.smith, christian.heimes, nedbat, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, yan12125, Anthony Sottile, Ethan Smith, cheryl.sabella, Chris Billington, Peter L3
2019-08-27 10:13:45qix-setmessageid: <1566900825.09.0.687856835044.issue33944@roundup.psfhosted.org>
2019-08-27 10:13:45qix-linkissue33944 messages
2019-08-27 10:13:44qix-create