At 01:00 PM 7/23/2006 -0700, Brett Cannon wrote: >I obviously don't want to change the feel of Python, but if I have to >remove the constructor for code objects to prevent evil bytecode or >__subclasses__() from object to prevent poking around stuff, then so be >it. For this project, security is trumpeting backwards-compatibility when >the latter is impossible in order to have the former. I will obviously >try to minimize it, but something that works at such a basic level of the >language is just going to require some changes for it to work.
Zope 3's sandboxing machinery manages to handle securing these things without any language changes. So, declaring it "impossible" to manage without backward compatibility seems inappropriate, or at least incorrect. But perhaps there is something I'm missing? _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com