[issue24534] disable executing code in .pth files

Marc-Andre Lemburg report at bugs.python.org
Tue Jun 30 23:15:27 CEST 2015


Marc-Andre Lemburg added the comment:

On 30.06.2015 22:49, Min RK wrote:
> 
>> Could you please post an example of where the feature is problematic?
> 
> setuptools/easy_install is the major one, which effectively does `sys.path[:0] = pth_contents`, breaking import priority. This has been known to result in adding `/usr/lib/pythonX.Y/dist-packages` to the front of sys.path, having higher priority than the stdlib or `--user`-installed packages (I helped a user deal with a completely broken installation that was a result of exactly this last week). The result can often be that `pip list` doesn't accurately describe the versions of packages that are imported. It also causes `pip install -e` to result in completely different import priority from `pip install`, which doesn't use easy-install.pth. Removing the code execution from `easy-install.pth` solves all of these problems.

Ok, so you regard the way that setuptools uses the feature as
problematic. I'm sure some people will agree (including myself),
but this is not a good reason to remove the feature altogether.

Just because a feature can be misused doesn't make it a bad
feature. Otherwise, we'd have quite a few things we'd have to
remove from Python :-)

I'd suggest trying to fix the setuptools uses of the feature
instead - in a way that doesn't break all setuptools installations,
of course. Perhaps you could submit a fix for this to the
setuptools maintainers instead.

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24534>
_______________________________________
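
An audit of the behaviour discussed in this message, as an added example that is not part of the original post or of setuptools: it lists the `.pth` lines that `site.py` would execute at interpreter startup and flags those that touch `sys.path`. The sample files, function names and paths are constructed for illustration.

```python
import os
import tempfile

def classify_pth_line(line):
    """Mirror how site.py treats one line of a .pth file."""
    if not line.strip():
        return "blank"
    if line.startswith("#"):
        return "comment"
    if line.startswith(("import ", "import\t")):
        return "exec"   # site.py passes the whole line to exec()
    return "path"       # appended to the END of sys.path if the dir exists

def audit_dir(site_dir):
    """Return every executable line found in the .pth files of site_dir."""
    findings = []
    for name in sorted(os.listdir(site_dir)):
        if not name.endswith(".pth"):
            continue
        with open(os.path.join(site_dir, name), encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if classify_pth_line(line) == "exec":
                    code = line.strip()
                    findings.append({"file": name, "line": lineno, "code": code,
                                     # True when the line can reorder import priority
                                     "touches_sys_path": "sys.path" in code})
    return findings

# Constructed sample files (not taken from a real installation).
SAMPLES = {
    "easy-install.pth": (
        "import sys; sys.__plen = len(sys.path)\n"
        "./example_pkg-1.0-py3.egg\n"
        "import sys; new = sys.path[sys.__plen:]; del sys.path[sys.__plen:]; "
        "sys.path[0:0] = new\n"
    ),
    "plain.pth": "# path entries only, nothing executed\n/opt/example/lib\n",
}

def demo():
    """Write the samples to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLES.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_dir(d)

if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}:{f['line']} sys.path={f['touches_sys_path']} {f['code']}")
```

To check a real environment, pass each directory returned by `site.getsitepackages()` and `site.getusersitepackages()` to `audit_dir`.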

