Password, trust and user notification

[Aidan Steele]

Hi,

As you said yourself -- it's all about trust. If this person knows nothing
of programming, then (s)he is obviously at the mercy of the programmers,
which is why we have warranties in commerical software, reputuations to
uphold in the open source arena and malware elsewhere. ;-) Sure, there will
always be people that will abuse your trust and we should all do whatever we
can to avoid such people, but realistically the only people writing
open-source software of any notability will usually be fairly trustworthy
people, even if only out of necessity as their reputation is on the line.

Failing that, there's no reason one could not pay an independent third-party
code auditor to inspect the code. Such auditors will usually guarantee the
safety of products they've investigated, but this comes at a cost. Hope this
helps.

On 11 Dec 2006 20:16:31 -0800, placid <Bulkan at gmail.com> wrote:
>
> Hi all,
>
> I was going to write this script for a friend that notifies him via
> logging onto his Gmail account and sending him an email to his work
> email about some events occurring in the execution of the script.
> If you enter your password into a script as input how can someone trust
> the programmer that he will not send a email to himself containing his
> password? Assuming this person does not know anything about programming
> and this person knows nothing about programming ethics.
>
> This is coming from the fact that i need to notify the user in someway
> that does not require her to constantly watch the execution of the
> script, for example when a user signs in to Windows Live Messenger pop
> up.
>
>
> Cheers
>
>
> 1. http://libgmail.sourceforge.net/      This is the library i use to
> access a Gmail account via Python
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20061212/2aa06a54/attachment.html>