Tres Seaver wrote:
Lie Ryan wrote:
Tres Seaver wrote:
Paul Moore wrote:
2009/3/13 Chris Withers <ch...@simplistix.co.uk>:
If a decent package management system *was* included, this wouldn't be an
issue.
Remember that a "decent package management system" needs to handle
filling in all the forms and arranging approvals to get authorisation
for packages when you download them.
And no, I'm *not* joking. People in a locked-down corporate
environment really do benefit from just having to get the OK for
"Python", and then knowing that they have all they need.
You are plainly joking: nothing in Python should know or care about the
various bureaucratic insanities in some workplaces. Given the
*existing* stdlib and network connectivity, nothing any corporate
security blackshirt can do will prevent an even moderately-motivated
person from executing arbitrary code downloaded from elsewhere. In that
case, what is the point in trying to help those who impose such craziness?
I (and most people, I presume) would not run an arbitrary program
downloaded from somewhere else on a corporate server that holds a lot of
important customer data, even when there is no technical or even
bureaucratic restriction. Maybe I would sneak around on a workstation, but
definitely not on the server, especially if I love my job and want to
keep it (I'm a student though, so that applies to me in the future).
I'm not arguing that employees should violate their employers' policies:
I'm arguing that Python itself shouldn't try to cater to such policies.
Basically you're saying: Python is designed not to work in such an environment.
Note that I'm not talking about running code pushed on me by malware
authors, either: I'm talking about "ordinary" software development
activities like using a script from a cookbook, or using a well-tested
and supported library, rather than NIH.
Some companies have /very/ strict policies on running anything on a live
server, including scripts you write yourself. The problem is that if the
script goes awry, it might disturb the stability or even the security of the
server.
Given that the out-of-the-box Python install already has facilities for
retrieving text over the net and executing that text, the notion of
"locking down" a machine to include only the bits installed in the stock
Python install is just "security theatre"; such a machine shouldn't
have Python installed at all (nor a C compiler, etc.)
When the server administrator is already freaked out about adding a
script developed by an in-house employee, what about adding an external module?
Of course, all of this does not (usually) apply to a regular workstation. A
messed-up workstation only means a reinstall; a messed-up server may
mean the company's reputation.
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev