Nick Coghlan writes:
As you point out, most language development teams do very little to
try to educate their users about security issues.
That's partly because it isn't going to be terribly effective.
Security is a difficult subject, not one that's going to be usefully
treated in a couple
Hi python-dev and Raymond,
I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
introductory paragraph, which users are likely to skip. I agree that
there's no need to repeat the same advice twice, but I'd much
On May 10, 2014, at 2:18 PM, Alex Gaynor alex.gay...@gmail.com wrote:
I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
introductory paragraph, which users are likely to skip
In the past couple of
On Sat, 10 May 2014 14:35:38 -0700
Raymond Hettinger raymond.hettin...@gmail.com wrote:
In the past couple of years, we've grown an unfortunate tendency
to fill the docs with big warning boxes (the subprocess docs are
an example of implicitly communicating that the module is dangerous
and
On 11 May 2014 07:37, Raymond Hettinger raymond.hettin...@gmail.com
wrote:
On May 10, 2014, at 2:18 PM, Alex Gaynor alex.gay...@gmail.com wrote:
I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
On May 10, 2014, at 6:10 PM, Nick Coghlan ncogh...@gmail.com wrote:
On 11 May 2014 07:37, Raymond Hettinger raymond.hettin...@gmail.com wrote:
On May 10, 2014, at 2:18 PM, Alex Gaynor alex.gay...@gmail.com wrote:
I think this change is a considerable usability regression for the
On May 10, 2014, at 2:54 PM, Antoine Pitrou solip...@pitrou.net wrote:
It's not about being bright or not, it's about being
*willing* to eat walls of text. However pleasant it may be for some
people to *write* documentation, for most readers (and especially
non-native English readers, who
Give it up, Raymond.
On Saturday, May 10, 2014, Raymond Hettinger raymond.hettin...@gmail.com
wrote:
On May 10, 2014, at 2:54 PM, Antoine Pitrou
solip...@pitrou.netjavascript:_e(%7B%7D,'cvml','solip...@pitrou.net');
wrote:
It's not about being bright or not, it's about being
*willing* to
Hi,
On Sun, May 11, 2014 at 12:35 AM, Raymond Hettinger
raymond.hettin...@gmail.com wrote:
On May 10, 2014, at 2:18 PM, Alex Gaynor alex.gay...@gmail.com wrote:
I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden
On 11 May 2014 08:24, Raymond Hettinger raymond.hettin...@gmail.com
wrote:
Before proceeding further with stamping distracting security
warnings all over the module documentation, we should look
to other languages to see what others have found necessary.
This warning does not appear anywhere
Nick Coghlan, 11.05.2014 01:01:
As you point out, most language development teams do very little to try to
educate their users about security issues. The consequences of that are
clearly visible in the world around us: when security is treated as an
optional afterthought, you get widespread
On May 10, 2014, at 4:15 PM, Stefan Behnel stefan...@behnel.de wrote:
Total +1 on keeping these little bits around.
Since all of you want a warning, I'll add one back
but with improved wording.
I'm not all at comfortable with the wording of the second sentence.
I was the author of the
[Raymond Hettinger]
...
I'm not all at comfortable with the wording of the second sentence.
I was the author of the SystemRandom() class and I only want
to guarantee that it provides access to the operating system's
source of random numbers. It is a bold claim to guarantee that
it is
13 matches
Mail list logo