[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
Stephen J. Turnbull
stephen at xemacs.org
Sun May 11 15:34:20 CEST 2014
More information about the Python-Dev mailing list
Sun May 11 15:34:20 CEST 2014
- Previous message: [Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
- Next message: [Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Coghlan writes: > As you point out, most language development teams do very little to > try to educate their users about security issues. That's partly because it isn't going to be terribly effective. Security is a difficult subject, not one that's going to be usefully treated in a couple of lines here, a couple more there. And it is generally an application issue, not one that is specific to individual features. If we're serious about this, I suggest following the RFC pattern: *every* module's documentation should have a "Security Considerations" section. Probably the content will be basically the same as the existing warning boxes, but with a consistent approach throughout the docs it could convey the importance of always thinking about security. > The consequences of that are clearly visible in the world around > us: when security is treated as an optional afterthought, But (FWIW) that's what warning boxes looks like to me. An afterthought. Not a systematic attempt to encourage security by teaching about secure programming. By your own words, we are nowhere close to a world where "a word, to the wise, is sufficient."
- Previous message: [Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
- Next message: [Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list