Author: Antonio Cuni <[email protected]> Branch: extradoc Changeset: r5959:0aa490b09381 Date: 2019-08-07 16:04 +0200 http://bitbucket.org/pypy/extradoc/changeset/0aa490b09381/
Log: few tweaks diff --git a/blog/draft/2019-08-sandbox.rst b/blog/draft/2019-08-sandbox.rst --- a/blog/draft/2019-08-sandbox.rst +++ b/blog/draft/2019-08-sandbox.rst @@ -4,7 +4,7 @@ "sandbox" mode and upgrade it to PyPy3. Thanks to them, sandboxing will be given a second life! -Remember sandboxing_? It is (or rather was) a special version of PyPy that runs +Sandbox_ is a special version of PyPy that runs in a fully-isolated mode. It gives a safe way to execute arbitrary Python scripts (*whole* scripts, not small bits of code inside your larger Python program). Such scripts can be fully untrusted, and they can try to do @@ -14,8 +14,10 @@ Linux's Seccomp approach, and it is more lightweight than setting up a full virtual machine. It also works without operating system support. -This sandbox mode of PyPy was deprecated long ago because of a lack of -interest, and because it took too much effort for us to maintain it. +However, during the course of the years the sandbox mode of PyPy has been +mostly unmaintained and unsupported by the core developers, mostly because of +a lack of interest by users and because it took too much effort to maintain +it. Now we have found that we have an actual user, Anvil_. As far as I can tell they are still using a very old version of PyPy, the last one that supported @@ -24,7 +26,7 @@ Part of my motivation for accepting this work is that I may have found a way to tweak the protocol on the pipe between the sandboxed PyPy and the parent controller process. This should make the sandboxed PyPy more resilient against -future developments; at most, in the future some tweaks will be needed in the +future developments and easier to maintain; at most, in the future some tweaks will be needed in the controller process but hopefully not deep inside the guts of the sandboxed PyPy. Among the advantages, such a more robust solution should mean that we can actually get a working sandboxed PyPy or sandboxed PyPy3 or sandboxed @@ -35,4 +37,4 @@ Armin Rigo .. _Anvil: https://anvil.works -.. _sandboxing: http://doc.pypy.org/en/latest/sandbox.html +.. _sandbox: http://doc.pypy.org/en/latest/sandbox.html _______________________________________________ pypy-commit mailing list [email protected] https://mail.python.org/mailman/listinfo/pypy-commit
