From da396c630cb15426de994ccb95f16e9787a8e002 Mon Sep 17 00:00:00 2001
From: mulhern <amulhern@redhat.com>
Date: Tue, 8 Aug 2023 09:23:58 -0400
Subject: [PATCH] Also ignore B603 globally

Signed-off-by: mulhern <amulhern@redhat.com>
---
 Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 775fcf9b1..4d87d7a7b 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,10 @@ UNITTEST_OPTS = --verbose
 # Ignore bandit B404 errors. Any import of the subprocess module causes this
 # error. We know what we are doing when we import that module and do not
 # need to be warned.
-BANDIT_SKIP = --skip B404
+# Ignore bandit B603 errors. It is actually considered safer to invoke
+# subprocess functions or constructors with shell=False, as is our standard
+# custom. So B603 is essentially equivalent to B404 which we also ignore.
+BANDIT_SKIP = --skip B404,B603
 
 .PHONY: lint
 lint: