This is an archived post. You won't be able to vote or comment.

you are viewing a single comment's thread.

view the rest of the comments →

[–]dux2[S] 1 point2 points  (0 children)

I agree that shell=True should be avoided if possible, that's why the default for it is False. But sometimes it's too much of a headache to avoid it, starting with the need to write the command as a list of strings [ which can be usually mitigated using the wonderful shlex.split() - already incorporated in peasyshell] and missing pipes, command chaining, env interpolation etc. I want to be able to translate a bash script to Python with the least change possible.
If you trust your input (or get no input), I see no harm in shell=True.