[Python-Dev] Security implications of pep 383 (original) (raw)
Glenn Linderman v+python at g.nevcal.com
Tue Mar 29 22:00:51 CEST 2011
- Previous message: [Python-Dev] Security implications of pep 383
- Next message: [Python-Dev] Security implications of pep 383
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 3/29/2011 12:10 PM, Toshio Kuratomi wrote:
The possible flaw in python is this: Code like the blog poster wrote passes python3 without an error or a warning. This gives the programmer no feedback that they're doing something wrong until it actually bites them in the foot in deployed code.
Yes there is a certain level of knowledge required of the system configuration and python defaults for accessing the system for things like filenames. It can be coded in any of several ways.
But by the above definition of "possible flaw", that seems equivalent to saying that Python should give a warning for things like
os.unlink("my-most-important-file.doc") -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20110329/3b21fb29/attachment.html>
- Previous message: [Python-Dev] Security implications of pep 383
- Next message: [Python-Dev] Security implications of pep 383
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]