[Python-Dev] rexec.py unuseable
Terry Reedy
tjreedy at udel.edu
Fri Dec 19 10:04:53 EST 2003
More information about the Python-list mailing list
Fri Dec 19 10:04:53 EST 2003
- Previous message (by thread): [Python-Dev] rexec.py unuseable
- Next message (by thread): ImportError on _socketmodule.so when running a frozen program
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Luke Kenneth Casson Leighton" <lkcl at lkcl.net> wrote in message news:mailman.327.1071788246.9307.python-list at python.org... [technical proposal snipped] I do not have the techical knowledge to evaluate this > I simply don't > have enough knowledge of the python codebase to do that on my own. > [unless someone was happy to pay me for long enough to find out, > of course]. But I can offer these thoughts for your consideration: * The money issue applies in one way or another to all the developers: at the moment, I don't believe anyone is employed specifically to develop Python and just do that. * The main developers are, generally, people who find Python useful as it is. Their motivation for student/volunteer/bootleg/when-possible work is mostly to make it more useful for the things it can currently do. * Safely running untrusted and quite possibly antagonistic code is a small part of the usage universe. The impetus for extending current or future Python to do this effectively will have to come from people from whom this is important enough to donate time, effort, expertise, and possibly money. (Yes, you are doing some of this, but you seem to expect someone else to pick up and run with the ball you have tossed on the field.) > in some ways, the longer this is left, the harder it is going to > be to retrospectively bolt on. > there's an adage that says security cannot be easily added in, it > has to be designed in from the start. > fortunately, i think there are a lot of smart people about :) Some of them have started the PyPy project to rewrite the interpreter in Python. If successful, this will make interpreter experimentation easier for Python programmers. It might even become the reference implementation for Python 3. Since this project is (officially) just a year old (versus about 15 years), you might be able to help design security 'in from the start'. Terry J. Reedy
- Previous message (by thread): [Python-Dev] rexec.py unuseable
- Next message (by thread): ImportError on _socketmodule.so when running a frozen program
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list