Author steve.dower
Recipients FFY00, frenzy, hroncok, jaraco, steve.dower
Date 2021-05-03.18:43:58
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620067438.43.0.246652023222.issue43976@roundup.psfhosted.org>
In-reply-to
Content
Yes, I saw some of the latest changes in the PR.

My biggest concern is with the bare "import _vendor_config", which I'd prefer to have restricted to a fixed location, rather than being influenced by environment variables and other options. We already have an issue with readline being imported from anywhere it can be found.

A native flag to suppress it (i.e. something in sys.flags) could also become important for embedders, though it may matter more at a higher level (i.e. should an embedded CPython *ever* be using sysconfig? Probably not...). I wouldn't add a new flag for it right now, but I feel like sys.flags.isolated should probably imply that this should be ignored.

Though then we hit the issue again that these patches are about changing the "safe default" behaviour, which is what you want to get back when you run with -S or -I. And I'm not totally sure how to resolve this.

So basically, my concerns are:
* don't import arbitrary files
* ensure -S/-I options remain useful (or become even more useful)
History
Date User Action Args
2021-05-03 18:43:58steve.dowersetrecipients: + steve.dower, jaraco, hroncok, frenzy, FFY00
2021-05-03 18:43:58steve.dowersetmessageid: <1620067438.43.0.246652023222.issue43976@roundup.psfhosted.org>
2021-05-03 18:43:58steve.dowerlinkissue43976 messages
2021-05-03 18:43:58steve.dowercreate