Alex Martelli schrieb: > Aldo Cortesi <[EMAIL PROTECTED]> wrote: > >> Thus spake Steven D'Aprano ([EMAIL PROTECTED]): >> >>> If you're relying on cursory visual inspection to recognize harmful code, >>> you're already vulnerable to trojans. >> What a daft thing to say. How do YOU recognize harmful code in a patch >> submission? Perhaps you blindly apply patches, and then run your test suite >> on >> a quarantined system, with an instrumented operating system to allow you to >> trace process execution, and then perform a few weeks worth of analysis on >> the >> data? >> >> Me, I try to understand a patch by reading it. Call me old-fashioned. > > I concur, Aldo. Indeed, if I _can't_ be sure I understand a patch, I > don't accept it -- I ask the submitter to make it clearer. > > Homoglyphs would ensure I could _never_ be sure I understand a patch, > without at least running it through some transliteration tool. I don't > think the world of open source needs this extra hurdle in its path.
But then, where's the problem? Just stick to accepting only patches that are plain ASCII *for your particular project*. And if you want to be sure, put an ASCII encoding header in all source files (which you want to do anyway, to prevent the same problem with string constants). The PEP is only arguing to support this decision at a per-project level rather than forbidding it at the language level. This makes sense as it moves the power into the hands of those people who actually use it, not those who designed the language. Stefan -- http://mail.python.org/mailman/listinfo/python-list
