This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients christian.heimes, giampaolo.rodola, gregory.p.smith, izbyshev, jwilk, serhiy.storchaka, vstinner
Date 2019-04-17.16:53:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1555519989.13.0.668846566926.issue35755@roundup.psfhosted.org>
In-reply-to
Content 
I modified posixpath.defpath, shutil.which() and distutils.spawn.find_executable() in 3.7 and master (future Python 3.8) branches. I close the issue. Thanks everybody for the review and helping me to collect info about corner cases!

I chose to also change Python 3.7. IMHO there is a low risk of breaking applications: I expect that few users run Python with no PATH environment variable *and* expect that Python looks for programs in the current directory. But it enhances the security a little bit.

For Python 2.7... well, I don't think that this issue is important enough to justify a backport. I prefer to do nothing rather than having to deal with unhappy users complaining that Python 2.7 changed broke their application in a minor 2.7.x release :-) Even if, again, the risk of regression is very low.
History
Date User Action Args
2019-04-17 16:53:09vstinnersetrecipients: + vstinner, gregory.p.smith, giampaolo.rodola, christian.heimes, jwilk, serhiy.storchaka, izbyshev
2019-04-17 16:53:09vstinnersetmessageid: <1555519989.13.0.668846566926.issue35755@roundup.psfhosted.org>
2019-04-17 16:53:09vstinnerlinkissue35755 messages
2019-04-17 16:53:08vstinnercreate