[Python-Dev] collections.sortedtree

Chris Angelico rosuav at gmail.com
Thu Mar 27 11:38:28 CET 2014


On Thu, Mar 27, 2014 at 8:58 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 27 March 2014 19:10, Maciej Fijalkowski <fijall at gmail.com> wrote:
>> I just find "my company is stupid so let's work around it by putting
>> stuff to python standard library" unacceptable argument for python-dev
>> and all the python community.
>
> Due diligence and prudent risk management are not stupid - most open
> source projects and small companies just don't have the luxury of
> worrying about them, as they're so far down the list of concerns that
> the additional risk of using arbitrary code downloaded off the internet
> doesn't even register.

I don't think anyone's saying it's stupid to be cautious, but more that it's stupid to blindly accept the latest python.org release and not accept something from another source. And if that's stupid, well, I'm stupid too - blindly accepting a whole lot of binary package updates because they're on ftp.au.debian.org, for instance. Why do I trust that, and not random sites on the internet? Because I trust the Debian package maintainers to check what goes through, and I trust that there are people with reputations at stake, who won't want to send something dodgy through. It's not perfect, but it's a whole lot easier than checking every single package that goes through.

ChrisA
