[Python-Dev] Re: Capabilities - published interfaces

[Aahz]

On Sat, Dec 20, 2003, Luke Kenneth Casson Leighton wrote:
> On Sat, Dec 20, 2003 at 10:16:29AM -0500, Aahz wrote:
>>
>> Supposedly there's a middle ground of untrusted but non-hostile code,
>> but what's the point of providing support for that?
> 
>  the example that i gave that was because i wanted to offer a subset
>  of python functionality to end-users such that they could run
>  DNS lookups, pings, check a web page existed, telnet to a box,
>  run commands and check the output.
> 
>  to some extent, i didn't care about things like __class__ because
>  1) the users weren't that bright.
>  2) the user's weren't that hostile.

Yup.  By "what's the point?" I didn't mean that there were no use cases;
the problem is that such cases are not frequent enough to justify the
effort.

>  rexec fitted the requirements perfectly - and it still does: it's
>  just been disabled and also changed into something that stops even
>  the library functions from writing to log files.
>  i couldn't even use the MySQLdb module which was kinda critical to
>  the database-driven backend.

Well, you're free to maintain rexec as a separate project (or borrow
from the still-maintained Zope system).  But anything shipped as part of
Python can't afford to assume your points 1) and 2).
-- 
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

Weinberg's Second Law: If builders built buildings the way programmers wrote 
programs, then the first woodpecker that came along would destroy civilization.