> but in this case the object is security sensitive, and security should be > much more rigorous in ensuring correctness.
It looks like there's a consensus being reached, should I create a bpo? Thomas Grainger On Sat, 26 Jun 2021 at 23:03, Ethan Furman <et...@stoneleaf.us> wrote: > > On 6/26/21 1:55 PM, Marc-Andre Lemburg wrote: > > On 26.06.2021 21:32, Ethan Furman wrote: > > >> In most cases I would agree with you, but in this case the object is > security > >> sensitive, and security should be much more rigorous in ensuring > correctness. > > > > Isn't this more an issue of API design rather than Python's > > flexibility when it comes to defining attributes ? > > I think it's both, with the majority of the responsibility being on the API > design. > > > IMO, a security relevant API should not use direct attribute > > access for adjusting important parameters. Those should always > > be done using functions or method calls which apply extra sanity > > checks and highlight issues in form of exceptions. > > Agreed -- but Python's nature makes it easy to use attribute access to make > adjustments, and that should also be > constrained in security conscious objects. > > -- > ~Ethan~ > _______________________________________________ > Python-ideas mailing list -- python-ideas@python.org > To unsubscribe send an email to python-ideas-le...@python.org > https://mail.python.org/mailman3/lists/python-ideas.python.org/ > Message archived at > https://mail.python.org/archives/list/python-ideas@python.org/message/W37274R4WDTRXG2Y2U4RPTFHWXBEGZFE/ > Code of Conduct: http://python.org/psf/codeofconduct/ _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/MIGA25G5QCIQMI5JILEAEXNYNK54CFA5/ Code of Conduct: http://python.org/psf/codeofconduct/
