How much is set in stone?
Andrew Dalke
dalke at dalkescientific.com
Sat Nov 10 12:50:17 EST 2001
More information about the Python-list mailing list
Sat Nov 10 12:50:17 EST 2001
- Previous message (by thread): How much is set in stone?
- Next message (by thread): How much is set in stone?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Paul Rubin: >Comparing Python with Perl, generally I find Python better designed >but its implementation more likely to take short cuts. I've reported several core dump bugs in Perl over time. The most recent was a couple months back. I've used Python a lot more than Perl, and I work out of CVS, so it's hard to compare the two, but I feel that they are comparable in implementation solidity. Yes, I've reported Python core dumps as well. I find it impressive you can compare implementation details. When I've found problems or had questions with Perl's C implementation, I haven't been able to figure out heads nor tails of the code. In Python, I've never had that problem except once where there was a 'tstate' bug related to how threads are done. > The security >issue with pickle.loads that we spent a long time discussing is >something I think the perl developers would not have tolerated. I thought most of those pickle bugs have been addressed. I know I sent in fixes for a couple of them. As I recall, it wasn't tolerated, but no one wanted to go fix. As for security, I'm astonished that Perl passes NUL containing strings to system calls, which opens up a Perl script to all sorts of subtle attacks. Perhaps the most famous is http://www.mail-archive.com/modperl@apache.org/msg00396.html Python raises an exception in this case. There are other concerns I have, but the point is I don't see Perl being the best example with which to compare. >There's all kinds of other missing functionality in the runtime system >as well, that doesn't result directly in unrobust programs, but does >make it more difficult to write robustly. A lot of this ng is about >the resulting issues. As I said, I've done Perl coding before, as well as Tcl, C++, and others. I've also hung around those newsgroups. I don't see specifically unusual here indicative of a lack of robustness. It may be because I read c.l.perl from the 4.0.38 -> 5.2 days (so you could say it wasn't as robust then) or c.l.tcl in the 7.x days. Wow! Google says my first post to c.l.py was in Sept. 1995 -- but I was mostly a lurker back then. Could you remind me what sorts of functionality you consider to be missing? Are you talking about things like taintedness and sandboxing? (In which case language like C++ also fit under the category of "more difficult to write robustly", with which I'll agree.) I've written a whole lot of Python code and I can't think of anything in the run-time which needed to be improved to increase robustness. There have been improvements in the language which have improved expressibility and maintainability, but I believe that to be a different though related issue. Andrew dalke at dalkescientific.com
- Previous message (by thread): How much is set in stone?
- Next message (by thread): How much is set in stone?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list