[Python-Dev] new features for 2.3?

Eric S. Raymond esr@thyrsus.com
Mon, 6 Jan 2003 13:39:30 -0500


Guido van Rossum <guido@python.org>:
> First of all, reST is going to be used a lot in Zope3.  Maybe it could
> become a standard library module?

I'm unfamiliar with this issue.
 
> We can do that in Python 2.3.  Because this is backwards incompatible,
> I propose that you have to request this protocol explicitly.  I
> propose to "upgrade" the binary flag to a general "protocol version"
> flag, with values:
> 
> 0 - original protocol
> 1 - binary protocol
> 2 - new protocol

+0.  That is, I don't care but the change seems reasonable and harmless.

> I'd also like to get rid of __safe_for_unpickling__ and all other
> pseudo security features.  Attempting to unpickle pickles from an
> untrusted source is insane, and nothing can help us there; I'd rather
> make the marshal protocol bulletproof (all it needs is a few more
> checks for inconsistent data and a little better error handling).

I do care about *this*, and it's the reason I'm responding. The
`safety' feature always struck me as grubby and non-orthogonal, an
attempt to patch over a problem that fundamentally cannot be solved at
that level, and one that could only backfire by creating a false sense
of security in people who weren't really thinking about the underlying
difficulty.

If we're going to have a sandboxing[1] facility in Python, it should be
decoupled from pickling and more general.

+1.  Scrap that feature, it was wrong to begin with.
-- 
		Eric S. Raymond <http://www.tuxedo.org/~esr/>

[1] I just realized that `sandbox' in this sense isn't in the Jargon File.  
I'm off to add it...
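
Added example, not part of the original message or of Python's own code: the point quoted above about untrusted pickles, shown by listing what a pickle stream asks the unpickler to import or call, for each of the protocol values 0, 1 and 2 from the proposal. It uses the standard pickletools module to read the stream without loading it; Demo, ACTIVE_OPCODES, active_opcodes and is_plain_data are hypothetical names, and the sample pickles are constructed here.

```python
import pickle
import pickletools

# Opcodes that make the unpickler import a name, call something, or
# construct an object. A stream of plain containers needs none of them.
ACTIVE_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4", "PERSID", "BINPERSID",
}


def active_opcodes(data: bytes):
    """Return [(offset, opcode, arg)] for import/call opcodes.

    pickletools.genops only decodes the stream; nothing is executed.
    """
    return [(pos, op.name, arg)
            for op, arg, pos in pickletools.genops(data)
            if op.name in ACTIVE_OPCODES]


def is_plain_data(data: bytes) -> bool:
    """True only for a well-formed stream with no import/call opcodes."""
    try:
        return not active_opcodes(data)
    except Exception:
        return False  # truncated or malformed stream: reject


class Demo:
    """Constructed sample: its pickle names a callable and its arguments."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))  # harmless builtin, for illustration


# Constructed samples, one per protocol value discussed in the thread.
PLAIN = {p: pickle.dumps({"user": "alice", "ids": [1, 2, 3]}, protocol=p)
         for p in (0, 1, 2)}
CALLS = {p: pickle.dumps(Demo(), protocol=p) for p in (0, 1, 2)}

if __name__ == "__main__":
    for p in (0, 1, 2):
        print("protocol", p, "plain:", is_plain_data(PLAIN[p]))
        for pos, name, arg in active_opcodes(CALLS[p]):
            print("  offset", pos, name, arg)
```

In every protocol the Demo stream itself decides which callable runs and with what arguments, so a per-class flag on the receiving side does not change what the data can request. The listing is an inspection aid, not a sandbox.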