[Python-Dev] Python 2.7.7. on Windows
Mike Miller
python-dev at mgmiller.net
Mon Apr 28 09:52:48 CEST 2014
More information about the Python-Dev mailing list
Mon Apr 28 09:52:48 CEST 2014
- Previous message: [Python-Dev] Clarification on MRO when inheriting from builtin type.
- Next message: [Python-Dev] Python 2.7.7. on Windows
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Greetings, I've just woken up and noticed Python 2.7.7 is on track to be released, and in a rather unique event contains a few security enhancements in addition to the usual fixes: http://legacy.python.org/dev/peps/pep-0466/ I thought this might be a good time to make a final plea to fix a long-standing security issue in the installer on Windows. By default it installs Python to the root folder, thereby bypassing filesystem permissions: http://bugs.python.org/issue1284316 The main rationale given (for not using the standard %ProgramFiles%) has been that the full path to python is too long to type, and ease of use is more important than the security benefits given by following Windows conventions. However, adding python to the PATH variable is an alternative solution that would result in even fewer keystrokes needing to be typed at a console, while maintaining system security. As this is an installer setting and not a code change, I gather that the opportunities for code breakage should be fewer. Please consider updating this setting to a more secure and friendly default, for 2.7.7 and 3.5+ as well. -Mike
- Previous message: [Python-Dev] Clarification on MRO when inheriting from builtin type.
- Next message: [Python-Dev] Python 2.7.7. on Windows
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list