2016-09-08 12:55 GMT+02:00 Dimitri John Ledkov <x...@debian.org>: > Hello, > > On 29 August 2016 at 14:39, Dominic Hargreaves <d...@earth.li> wrote: >> tl;dr: '.' is being removed from perl's @INC by default; some breakage >> in apps expected. >> >> For some years[1], it's been known that perl's habit of including '.' >> in its module load path, (@INC) is potentially dangerous, since it >> can allow untrusted code to be run under certain circumstances. However, >> for most of that time it wasn't taken that seriously, particularly as the >> fix is quite disruptive. > > Other languages do that too. E.g. python, Doesn't python have the same > concerns then too?
php does: $ php -i | grep include_path include_path => .:/usr/share/php => .:/usr/share/php What should we do then? Regards -- Mathieu Parent
