[Python-modules-team] Bug#798010: closed by Julian Taylor <jtaylor.debian at googlemail.com> (Re: Bug#798010: Bug#798010: ipython3: malicious dynamic python3 interpreter lookup via "/usr/bin/env python3" in main executable)
Tobias Megies
megies at geophysik.uni-muenchen.de
Fri Sep 18 09:46:47 UTC 2015
> Also the choice of env python in IPython is very deliberate. IPython >
is a mostly a developer tool
99% of people I know that are developing scientific Python code are
using IPython for interactive prototyping. And most of those people can
not be considered Python developers but rather users.
On the other hand 99% of Python *developers* I know are using a
user-space bleeding edge IPython and hardly ever lay a hand on
/usr/bin/python.
But there are cases when I want to run something with an absolutely
stable, non-bleeding-edge, failsafe, non-user-space-possibly-messed-up
Python installation. And in those cases I go to /usr/bin/.. and having
/usr/bin/.. run some local user-space binaries is extremely unexpected
and can cost quite some time while wondering what is going on.
> where you want to be able to use a non
> system python.
How does setting a shebang in /usr/bin/... prevent somebody from using a
non-system Python?
> E.g. for using system IPython in a virtualenv with --system-
> site-packages.
> While you can nowadays also achieve the same effect via python
> -mIPython I don't think the drawbacks of the common practice env
> python is worth a change. Thus I am closing the issue.
I can really not follow your reasoning to ignore this bug.. at all. Why
deviate from the Python Policy?
regards,
Tobias Megies
On 09/04/2015 05:06 PM, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the ipython3 package:
>
> #798010: ipython3: malicious dynamic python3 interpreter lookup via "/usr/bin/env python3" in main executable
>
> It has been closed by Julian Taylor <jtaylor.debian at googlemail.com>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Julian Taylor <jtaylor.debian at googlemail.com> by
> replying to this email.
>
>
--
Dipl.-Geophys. Tobias Megies
Geophysikalisches Observatorium
Ludwigshöhe 8
82256 Fürstenfeldbruck
Ludwig-Maximilians-Universität
Department für Geo- und Umweltwissenschaften
Sektion Geophysik
Theresienstrasse 41/IV
80333 München
Tel: +49 (0) 89 2180-73981
+49 (0) 89 2180-4326
Mail: tobias.megies at geophysik.uni-muenchen.de
More information about the Python-modules-team
mailing list