[Python-Dev] If you shadow a module in the standard library that IDLE depends on, bad things happen

Steven D'Aprano steve at pearwood.info
Sun Nov 1 01:06:30 EST 2015


CC'ing Python-Ideas. Follow-ups to Python-Ideas please.

On Thu, Oct 29, 2015 at 09:22:15PM -0400, Terry Reedy wrote:

> Leaving IDLE aside, the reason '' is added to sys.path is so that people can import their own modules. This is very useful. Shadowing is the result of putting it at the front. I have long thought this a dubious choice. If '' were instead appended, people could still import modules that did not duplicate stdlib names. Anyone who wanted shadowing could move '' to the front. But then shadowing would be intentional, not an accident.

Terry is right. Shadowing should be possible, and it should require a deliberate decision on the part of the programmer.

Consider the shell, say, bash or similar. My understanding is that the shell PATH deliberately excludes the current directory because of the possibility of malicious software shadowing usual commands in /bin etc. If you want to run an executable in the current directory, you have to explicitly provide the path to it: ./myscript rather than just myscript.

Now Python isn't exactly the shell, and so I'm not proposing that Python does the same thing. But surely we can agree on the following?

I propose the following two changes:

(1) Beginning with Python 3.6, the default is that the current directory is put at the end of sys.path rather than the beginning. Instead of:

>>> print(sys.path)
['', '/this', '/that', '/another']

we will have this instead:

>>> print(sys.path)
['/this', '/that', '/another', '']

Those who don't shadow installed packages won't notice any difference.

Scripts which deliberately or unintentionally shadow installed packages will break from this change. I don't have a problem with this. You can't fix harmful behaviour without breaking code that depends on that harmful behaviour. Additionally, I expect that those who rely on the current behaviour will be in a small minority, much fewer than those who will be bitten by accidental shadowing into the indefinite future. And if you want the old behaviour back, it is easy to do so, by changing the path before doing your imports:

import sys
if sys.path[-1] == "":  sys.path = [""] + sys.path[:-1]

or equivalent.

I do not believe that it is onerous for those who want shadowing to have to take steps to do so explicitly. That can be added to your scripts on a case-by-case basis, or your PYTHONSTARTUP file, by modifying your site.py, or (I think) by putting the code into the sitecustomize or usercustomize modules.

(2) IDLE doesn't need to wait for Python 3.6 to make this change. I believe that IDLE is permitted to make backwards incompatible changes in minor releases, so there is no reason why it can't change the path effective immediately.

That's a simpler fix than scanning the entire path, raising warnings (which beginners won't understand and will either ignore or panic over) or other complex solutions. It may not prevent every shadowing incident, but it will improve the situation immeasurably.

Thoughts?

-- Steve
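
An added example, not part of the original message and not IDLE's or CPython's own code: it lists the files and packages in a directory that would shadow standard-library modules while that directory is first on sys.path, and shows the reordering proposed in (1). The function names and the sample directory are constructed for illustration; sys.stdlib_module_names needs Python 3.10 or later, so a small constructed fallback set is used on older versions.

```python
import os
import sys
import tempfile

# Built-in modules are resolved before sys.path is searched, so a file
# named after one of them cannot shadow it; exclude them from the check.
# The fallback set is a constructed sample for Python < 3.10.
STDLIB_NAMES = frozenset(
    getattr(sys, "stdlib_module_names",
            {"random", "string", "socket", "code", "json"})
) - set(sys.builtin_module_names)

def shadowing_candidates(directory):
    """Names in `directory` that win over the stdlib if it is first on sys.path."""
    directory = directory or "."          # '' on sys.path means the current dir
    found = set()
    for entry in os.listdir(directory):
        full = os.path.join(directory, entry)
        name, ext = os.path.splitext(entry)
        if ext == ".py" and os.path.isfile(full):
            candidate = name
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            candidate = entry             # regular package
        else:
            continue  # a dir without __init__.py is a namespace portion and
                      # loses to any regular module found later on the path
        if candidate in STDLIB_NAMES:
            found.add(candidate)
    return sorted(found)

def demote_cwd(path):
    """Copy of `path` with a leading '' moved to the end, as proposed in (1)."""
    if path and path[0] == "":
        return path[1:] + [""]
    return list(path)

def demo():
    # Constructed sample directory: colliding files, a harmless file,
    # a colliding package and a directory without __init__.py.
    with tempfile.TemporaryDirectory() as d:
        for fn in ("random.py", "string.py", "myapp.py"):
            open(os.path.join(d, fn), "w").close()
        os.mkdir(os.path.join(d, "json"))
        os.mkdir(os.path.join(d, "socket"))
        open(os.path.join(d, "socket", "__init__.py"), "w").close()
        return shadowing_candidates(d)

if __name__ == "__main__":
    print(demo())
    print(demote_cwd(["", "/this", "/that", "/another"]))
```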


