Message 162777 - Python tracker

Message162777

Author	fijall
Recipients	arigo, christian.heimes, fijall, hynek, loewis, pitrou
Date	2012-06-14.12:16:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1339676208.48.0.978931257844.issue15061@psf.upfronthosting.co.za>
In-reply-to

Content
Hi Christian. It's either secure or it's not. If it's not, there is no point in introducing it at all as I don't think it's a good idea to have a kind-of-secure-but-i-dont-know functions in stdlib. If you restrict input to bytes it looks okish, but I looked at all the code that's invoked on the C side and it's quite a lot of code. Does you or anyone else actually go and review all the C code that's called via various operations to check if it does or does not depend on the value of various characters? I can't tell myself, it's too long.

Content

Hi Christian. It's either secure or it's not. If it's not, there is no point in introducing it at all as I don't think it's a good idea to have a kind-of-secure-but-i-dont-know functions in stdlib.

If you restrict input to bytes it looks okish, but I looked at all the code that's invoked on the C side and it's quite a lot of code. Does you or anyone else actually go and review all the C code that's called via various operations to check if it does or does not depend on the value of various characters? I can't tell myself, it's too long.

History
Date	User	Action	Args
2012-06-14 12:16:48	fijall	set	recipients: + fijall, loewis, arigo, pitrou, christian.heimes, hynek
2012-06-14 12:16:48	fijall	set	messageid: <1339676208.48.0.978931257844.issue15061@psf.upfronthosting.co.za>
2012-06-14 12:16:47	fijall	link	issue15061 messages
2012-06-14 12:16:47	fijall	create