Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-17 Thread Steve Dower
On 15Nov2017 2053, Guido van Rossum wrote: On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum wrote: So far I learned one thing from the report. They use the term "vulnerabilities" liberally, defining it essentially as "bug": All programming languages contain con

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-17 Thread Koos Zevenhoven
On Fri, Nov 17, 2017 at 3:40 PM, Koos Zevenhoven wrote: > On Thu, Nov 16, 2017 at 6:53 AM, Guido van Rossum > wrote: > >> On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum >> wrote: >>> >>> >>> Actually it linked to http://standards.iso.org/ittf/ >>> PubliclyAvailableStandards/index.html from w

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-17 Thread Koos Zevenhoven
On Thu, Nov 16, 2017 at 6:53 AM, Guido van Rossum wrote: > On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum > wrote: >> >> >> Actually it linked to http://standards.iso.org/ittf/ >> PubliclyAvailableStandards/index.html from which I managed to download >> what looks like the complete c061457_IS

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-16 Thread Mark Shannon
On 16/11/17 04:53, Guido van Rossum wrote: [snip] They then go on to explain that sometimes vulnerabilities can be exploited, but I object to calling all bugs vulnerabilities -- that's just using a scary word to get attention for a sleep-inducing document containing such gems as "Use floa

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-15 Thread Wes Turner
CWE (Common Weakness Enumeration) has numbers (and URLs) and a graph model, and code examples, and mitigations for bugs, vulnerabilities, faults, design flaws, weaknesses. https://cwe.mitre.org/ Research Concepts https://cwe.mitre.org/data/definitions/1000.html Development Concepts https://cwe.mi

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-15 Thread Guido van Rossum
On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum wrote: > On Wed, Nov 15, 2017 at 6:37 PM, Armin Rigo wrote: > >> Hi, >> >> On 14 November 2017 at 14:55, Jan Claeys wrote: >> > Sounds like https://www.iso.org/standard/71094.html >> > which is updating https://www.iso.org/standard/61457.html >>

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-15 Thread Guido van Rossum
On Wed, Nov 15, 2017 at 6:37 PM, Armin Rigo wrote: > Hi, > > On 14 November 2017 at 14:55, Jan Claeys wrote: > > Sounds like https://www.iso.org/standard/71094.html > > which is updating https://www.iso.org/standard/61457.html > > (which you can download from there if you search a bit; clearly e

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-15 Thread Armin Rigo
Hi, On 14 November 2017 at 14:55, Jan Claeys wrote: > Sounds like https://www.iso.org/standard/71094.html > which is updating https://www.iso.org/standard/61457.html > (which you can download from there if you search a bit; clearly either > ISO doesn't have a UI/UX "standard" or they aren't follo

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-14 Thread Jan Claeys
On Tue, 2017-11-14 at 13:15 +0100, Antoine Pitrou wrote: > On Mon, 13 Nov 2017 15:55:03 -0500 > Stephen Michell wrote: > > I am looking for one or two experts to discuss with me how Python > > concurrency features fit together, and possible vulnerabilities > > associated with that. > > > > TR 247

Re: [Python-Dev] Python possible vulnerabilities in concurrency

2017-11-14 Thread Antoine Pitrou
Hi Stephen, On Mon, 13 Nov 2017 15:55:03 -0500 Stephen Michell wrote: > I am looking for one or two experts to discuss with me how Python concurrency > features fit together, and possible vulnerabilities associated with that. > > TR 24772 lists 5 vulnerabilities associated with Can you expla

[Python-Dev] Python possible vulnerabilities in concurrency

2017-11-13 Thread Stephen Michell
I am looking for one or two experts to discuss with me how Python concurrency features fit together, and possible vulnerabilities associated with that. TR 24772 lists 5 vulnerabilities associated with 1. activating threads, tasks or pico-threads 2. Directed termination of threads, tasks or pico