sethmlarson.dev

February 27, 2026

Deprecate confusing APIs like os.path.commonprefix()

The os.path.commonprefix() function has been an API in the Python standard library for at least 35 years (since February 1991) and in that time has been confusing users and creating security issues, even in programs explicitly trying to mitigate vulnerabilities. This was caused directly by the API's placement in the os.path module and further perpetuated by backwards compatibility.

This article shows the long history of confusion around this API, the security issues the confusion caused, and some recommendations on responding to user reports of confusing behavior in security-sensitive functions.
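The confusion comes down to `os.path.commonprefix()` comparing strings character by character rather than path component by path component, so a directory-containment check built on it accepts sibling directories that merely share a name prefix. The following is an added example, not code from the article; the directory names and helper functions are constructed for illustration, and POSIX-style paths are assumed.

```python
import os.path

BASE = "/srv/app/uploads"  # constructed sample directory

def is_inside_commonprefix(base, candidate):
    """Flawed check: commonprefix() works on characters, not path segments."""
    base = os.path.normpath(base)
    candidate = os.path.normpath(candidate)
    return os.path.commonprefix([base, candidate]) == base

def is_inside_commonpath(base, candidate):
    """Component-wise check: commonpath() compares whole path segments."""
    base = os.path.normpath(base)
    candidate = os.path.normpath(candidate)
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Raised when absolute and relative paths are mixed: treat as outside.
        return False

# Constructed sample inputs.
SAMPLES = [
    "/srv/app/uploads/report.pdf",          # genuinely inside BASE
    "/srv/app/uploads-private/key.pem",     # sibling directory sharing a prefix
    "/srv/app/uploads/../secrets/key.pem",  # normalizes to outside BASE
    "uploads/report.pdf",                   # relative path
]

def compare(base=BASE, samples=SAMPLES):
    """Return (path, flawed_result, component_wise_result) for each sample."""
    return [
        (p, is_inside_commonprefix(base, p), is_inside_commonpath(base, p))
        for p in samples
    ]

if __name__ == "__main__":
    for path, flawed, correct in compare():
        marker = "  <-- checks disagree" if flawed != correct else ""
        print(f"{path!r}: commonprefix={flawed} commonpath={correct}{marker}")
```

Both checks are purely lexical: neither resolves symlinks, so code that touches the filesystem also needs `os.path.realpath()` applied to both paths before comparing.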

Read more: https://sethmlarson.dev/deprecate-confusing-apis-like-os-path-commonprefix
