On 15-06-2021 at 19:14, Grant Edwards wrote:
On 2021-06-15, Menno Holscher <mennoholsc...@gmail.com> wrote:

There is no difference regarding security concerns.

I find that hard to believe given the long list of CVEs I've just had
to sort through for even fairly recent versions of PHP. I just can't
believe that Python has anywhere close to that many security issues.

An excellent example. The "concerns" here are "Is this platform safe?" and "Does the supplier/community react promptly to security problems?". In the case of PHP, the safety of the platform is indeed a worry; however, apparently if there is a problem, action is taken.

How does the Tkinter/TCL/TK software or PyQt/Qt do in that respect? Just looking at the number of CVEs, is that enough? What if one of these stacks has few, but long-outstanding, security problems? Would that be better or worse than the situation for PHP?

As an aside, I do not know the number of CVEs that either PHP or Python is receiving. When I search the NIST CVE database for the word Python, I get 43 hits for the last 3 months. None of those are against the language or the CPython interpreter and only 1 against a Standard Library package or module (urllib3). A lot of the others are for web frameworks and extensions for those, as well as TensorFlow. So, as you argue, it seems Python does really well as a secure development platform.
--
Met vriendelijke groet / Kind regards

Menno Hölscher


--
https://mail.python.org/mailman/listinfo/python-list