[Python-Dev] Re: Capabilities - published interfaces
Ka-Ping Yee python-dev at zesty.ca
Mon Dec 29 04:43:16 EST 2003
I've been distracted by holiday events, but this requires a reply.
On Sat, 20 Dec 2003, Aahz wrote:
> Exactly. From my observations of these discussions, there are essentially only two reasons for restricted execution:
> * To simplify things by reducing the potential solution space
> * To protect a system against a hostile attacker
There is a huge blind spot in your claim. You forgot:
* To limit the damage caused by a bug in your program
* To make your programs have more predictable behaviour
Capabilities are about making clear what parts of your program can and can't do.
> Supposedly there's a middle ground of untrusted but non-hostile code, but what's the point of providing support for that?
Have you ever used a library written by someone else? Have you ever found a bug in something you wrote yourself?
"Untrusted but non-hostile code" is what all of us write every day.
-- ?!ng