[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.

Nick Coghlan ncoghlan at gmail.com
Sun May 11 01:01:33 CEST 2014


On 11 May 2014 08:24, "Raymond Hettinger" <raymond.hettinger at gmail.com>
wrote:
>
> Before proceeding further with stamping distracting security
> warnings all over the module documentation, we should look
> to other languages to see what others have found necessary.
> This warning does not appear anywhere else I've looked
> (MS Excel docs, Java docs, Go lang docs, etc.)
>
> http://docs.oracle.com/javase/6/docs/api/java/util/Random.html
> http://golang.org/pkg/math/rand/
>
> Those docs are clear, concise, not preachy, and not littered
> with distractions.

The fact that many (most?) programmers treat security considerations as a
distraction is a core part of the problem we're trying to address.

As you point out, most language development teams do very little to try to
educate their users about security issues. The consequences of that are
clearly visible in the world around us: when security is treated as an
optional afterthought, you get widespread deployment of insecure software.

At this point, we have two options:

* continue with the same model as everyone else, and treat security as an
optional extra users should feel free to ignore (or treat as an advanced
topic only specialists need to worry about)

* change our documentation practices to try to encourage the growth of a
security-aware development community around Python, trusting that our users
will recognise that the security issues we're discussing are inherent in
the way computers work, rather than being specific to Python.

I'm obviously a strong advocate for the second path. Users aren't stupid,
they'll figure out that almost all the security concerns we're warning
about are inherent in the problem being solved, rather than being a
Python-specific issue.

Cheers,
Nick.

>
>
> Raymond