[Python-Dev] doc for new restricted execution design for Python

[Michael Chermside]

Ka-Ping Yee writes:
> If you mean getting from a trusted interpreter to an untrusted
> interpreter -- then how is a resource going to travel between
> interpreters?

Brett Cannon responds:
> Beats me, but I am always scared of Armin and Samuele.  =)

Okay, those two scare me also, but I would still rather not
spread FUD. Your proposal contains lots of details about how to
address the danger that Python objects can cross from one
interpreter to another. Could we instead attack that straight-on
and try to find a convincing proof that objects cannot possibly
cross the interpreter barrier? If so, it would simplify a bit
of your proposal, and make me feel a little less worried.

-- Michael Chermside