Antoine Pitrou wrote: > In light of this issue, I'm -0.5 on __pycache__ becoming the default caching > mechanism. The directory ownership/permissions issue is too much of a mess, > especially for Web applications (think __pycache__ files created by the Apache > user). Doesn't the existing .pyc mechanism have the same problem? Seems to me it's just as insecure to allow the Apache user to create .pyc files, since an attacker could overwrite them with arbitrary bytecode. The only safe way is to pre-compile under a different user and make everything read-only to Apache. The same thing would apply under the __pycache__ regime. > Actually, __pycache__ creation doesn't have to be part of the import mechanism. > It can be part of distutils instead (or whatever third-party tool What about development, or if a user installs by dragging into site-packages instead of using an installer? I don't like the idea of being required to use an installation tool in order to get .pyc files. -- Greg
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4