[Python-Dev] Python possible vulnerabilities in concurrency

Guido van Rossum guido at python.org
Wed Nov 15 23:53:15 EST 2017


On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum <guido at python.org> wrote:

> On Wed, Nov 15, 2017 at 6:37 PM, Armin Rigo <armin.rigo at gmail.com> wrote:
>
>> Hi,
>>
>> On 14 November 2017 at 14:55, Jan Claeys <lists at janc.be> wrote:
>> > Sounds like https://www.iso.org/standard/71094.html
>> > which is updating https://www.iso.org/standard/61457.html
>> > (which you can download from there if you search a bit; clearly either
>> > ISO doesn't have a UI/UX "standard" or they aren't following it...)
>>
>> Just for completeness, I think that what you can download for free
>> from that second page only contains the first few sections ("Terms and
>> definitions").  It doesn't even go to "Purpose of this technical
>> report"---we need to pay $200 just to learn what the purpose is...
>>
>> *Shrug*
>>
>
> Actually it linked to
> http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
> from which I managed to download
> what looks like the complete c061457_ISO_IEC_TR_24772_2013.pdf (336
> pages) after clicking on an "I accept" button (I didn't read what I
> accepted :-). The $200 is for the printed copy I presume.
>

So far I learned one thing from the report. They use the term
"vulnerabilities" liberally, defining it essentially as "bug":

> All programming languages contain constructs that are incompletely
> specified, exhibit undefined behaviour, are implementation-dependent, or
> are difficult to use correctly. The use of those constructs may therefore
> give rise to *vulnerabilities*, as a result of which, software programs
> can execute differently than intended by the writer.
>

They then go on to explain that sometimes vulnerabilities can be exploited,
but I object to calling all bugs vulnerabilities -- that's just using a
scary word to get attention for a sleep-inducing document containing such
gems as "Use floating-point arithmetic only when absolutely needed" (page
230).

-- 
--Guido van Rossum (python.org/~guido)