[Python-Dev] Impact of Namedtuple on startup time
Brett Cannon
brett at python.org
Tue Jul 18 18:00:44 EDT 2017
On Mon, 17 Jul 2017 at 19:26 Nathaniel Smith <njs at pobox.com> wrote:
> On Jul 17, 2017 5:28 PM, "Steven D'Aprano" <steve at pearwood.info> wrote:
>
> On Mon, Jul 17, 2017 at 09:31:20PM +0000, Brett Cannon wrote:
>
> > As for removing exec() as a goal, I'll back up Christian's point and the
> > one Steve made at the language summit that removing the use of exec()
> from
> > the critical path in Python is a laudable goal from a security
> perspective.
>
> I'm sorry, I don't understand this point. What do you mean by "critical
> path"?
>
> Is the intention to remove exec from builtins? From the entire language?
> If not, how does its use in namedtuple introduce a security problem?
>
>
> I think the intention is to allow users with a certain kind of security
> requirement to opt in to a restricted version of the language that doesn't
> support exec. This is difficult if the stdlib is calling exec all over the
> place. But nobody is suggesting to change the language in regular usage,
> just provide another option.
>
What Nathaniel said. :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170718/ae227fe4/attachment-0001.html>
More information about the Python-Dev
mailing list