Bug#493937: Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd

Robert Collins robertc at robertcollins.net
Wed Aug 6 03:21:23 UTC 2008


On Tue, 2008-08-05 at 23:07 -0400, James Vega wrote:


> While this does provide a workaround for the issue, this is behavior
> inherent in the way Python is designed and should be fixed in Python.
> If we choose to instead address every application that embeds Python,
> we're just creating an endless stream of work for ourselves.

Possibly. I did file a bug [rejected] on reportbug itself just a few
days ago, because it also will load from . if '' is in the pythonpath.

OTOH perhaps having '' in sys.path is always wrong and we should start a
mass set of bugs to prevent it?

-Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
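
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of any package named in it: an embedding application can check whether its module search path contains entries that resolve to the current directory, and drop them before importing anything. The helper names, the sample search path and the module name `gr_shadow_demo` are constructed for illustration; the lookup only locates the module and never executes it.

```python
import importlib
import importlib.machinery
import os
import tempfile


def cwd_relative_entries(path_list):
    """Return search-path entries that resolve against the current directory."""
    # '' means "current directory" to the import system; '.' and every other
    # non-absolute entry are resolved against the cwd as well.
    return [p for p in path_list if not os.path.isabs(p)]


def hardened_path(path_list):
    """Copy of path_list with all cwd-relative entries removed."""
    return [p for p in path_list if os.path.isabs(p)]


def resolves_in_cwd(module_name, path_list):
    """True if module_name would be loaded from the current directory."""
    spec = importlib.machinery.PathFinder.find_spec(module_name, path_list)
    if spec is None or not spec.origin:
        return False
    origin_dir = os.path.dirname(os.path.realpath(spec.origin))
    return origin_dir == os.path.realpath(os.getcwd())


def demo():
    """Constructed scenario: look up a stray cwd module before and after hardening."""
    stdlib = os.path.dirname(os.__file__)   # an absolute, trusted entry
    embedded_path = ["", stdlib]            # assumed path of an embedding app
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        os.chdir(workdir)
        try:
            # Constructed file standing in for an untrusted module in the cwd.
            with open("gr_shadow_demo.py", "w") as fh:
                fh.write("VALUE = 'loaded from cwd'\n")
            importlib.invalidate_caches()
            before = resolves_in_cwd("gr_shadow_demo", embedded_path)
            after = resolves_in_cwd("gr_shadow_demo", hardened_path(embedded_path))
        finally:
            os.chdir(old_cwd)
    return before, after


if __name__ == "__main__":
    print("found in cwd (before, after hardening):", demo())
```
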