On Thu, Aug 23, 2012 at 8:40 AM, Ben Hearsum <bhear...@mozilla.com> wrote:
> On 08/22/12 04:38 PM, Gregory Szorc wrote:
> > Let's think of what can be done to secure/limit Python. Disabling import
> > has already been mentioned. That's a start.
>
> I think it's worth noting that even if you *do* limit what you can do
> through some technical means, you still have the option to change that
> later, disable it some places, etc. It's really easy to get into that
> game when you're fixing blockers or working on chemspills, too.
>

If someone is that desperate, what would you have them do instead of hack the configuration file? Aren't they likely to respond by doing some even worse hack that gets the job done?

I think it makes a ton of sense to use automation to stop developers accidentally doing something they shouldn't. But if someone's desperate enough to disable the automation, and can get a review for it, then I don't think it makes sense to try to stop them.

Rob
--
“You have heard that it was said, ‘Love your neighbor and hate your enemy.’ But I tell you, love your enemies and pray for those who persecute you, that you may be children of your Father in heaven. ... If you love those who love you, what reward will you get? Are not even the tax collectors doing that? And if you greet only your own people, what are you doing more than others?” [Matthew 5:43-47]
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform