On Sun, Jan 13, 2013 at 9:43 PM, Antoine Pitrou <solip...@pitrou.net> wrote: > As for the opacity, feel free to propose something better > ("close_on_spawn", whatever). But I'm definitely and strongly -1 > on "noinherit".
That's the main reason I quite like "sensitive" as a term for this, since it decouples the user statement ("this file descriptor provides access to potentially sensitive information") from the steps the interpreter promises to take to protect that information (such as closing it before executing a different program or ensuring it isn't inherited by child processes). We can then define a glossary entry for "sensitive" that explains the consequences of flagging a descriptor as sensitive on the various operating systems (i.e. setting cloexec on POSIX and noinherit on Windows). As the platforms provide additional security mechanisms, we can provide them without needing to change the user facing APIs. Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com