[Patches] [Patch #101055] Cookie.py
Moshe Zadka
Moshe Zadka <moshez@math.huji.ac.il>
Sat, 19 Aug 2000 12:38:54 +0300 (IDT)
On Fri, 18 Aug 2000, Fred L. Drake, Jr. wrote:
> That would have no effect on any of the Python tagging. It's
> probably worthwhile making sure there are no tags in the ,v file, but
> that can be done after it gets dropped in place.
> Now, Greg Stein will tell us that dropping this into place is the
> wrong thing to do. What it *will* screw up is people asking for the
> state of Python at a specific date before the file was actually added;
> they'll get this file even for when it wasn't in the Python CVS tree.
> I can live with that, but we should make a policy decision for the
> Python tree regarding this sort of thing.
Do we really need the ',v' version? It's not like we'll revert to
any previous version. And by the way, there are a couple of things
we should consider changing before slating this up for an official
release:
1) Change __repr__ --> __str__, and give an honest __repr__
2) Deprecate SmartCookie and SerilizedCookie: those two are real security
holes, and I'm worried it might give Python an undeserved unsecure
reputation. Or, maybe, add a mandatory password and only accept md5
signed versions.
We *can* break backwards compatability now, because Cookie was not an
official part of Python, and we *should* break it now, because that's
the last chance we'll have.
--
Moshe Zadka <moshez@math.huji.ac.il>
There is no IGLU cabal.
http://advogato.org/person/moshez