[Python-3000] Support for PEP 3131

Guillaume Proux gproux+py3000 at gmail.com
Fri May 25 04:01:56 CEST 2007


Hi Jim,
On 5/25/07, Jim Jewett <jimjjewett at gmail.com> wrote:
> It isn't strictly security; when I've been burned by cut-and-paste
> that turned out to be an unexpected character, it didn't cause damage,
> but it did take me a long time to debug.

Can you give a longer explanation? I don't understand what
the issue is. Is it like the issue with confusing 0 and O? You seemingly
already have experience with using something that is now not legal
in Python. Was it in the Java or .NET world?

> For most people, the appearance of a Greek or Japanese (let alone
> both) character would be more likely to indicate a typo.  If you know
> that your project is using both languages, then just allow both; the
> point is that you have made an explicit decision to do so.

You are missing one of my main points, but it is maybe not a very
strong point (the earlier email was maybe throwing away too many
ideas at a time... I guess Japanese sake lasts longer in the mouth :)
)

* Python is dynamic (you can have, e.g., a pygtk user interface which
enables you to load a new .py file at runtime, or even to use a text view
to type in a mini-script that will do something specific in your
application domain): you never know what will get loaded next
* Python is embeddable: and often it is to bring the power of Python
to less sophisticated users. You can imagine having a global system
deployed all around the world by a global company enabling each user
in each subsidiary to create their own extension scripts.
* There is a runtime cost for checking: the speed vs. security
tradeoff (for a security benefit that is still very much hypothetical
in the face of the experience of Java and .NET people) should be borne
by the paranoid people (who are ALREADY accustomed to losing CPU
cycles to RSBAC security systems).
* In real life, you won't see many Python programs that are not
written in your script. If you are really paranoid about seeing evil chars
take over your Python src dir though, a -pedantic option as pointed
out earlier should take care of all your worries.

cheers,

G
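
As an added illustration (not part of the original message, and not code from CPython or PEP 3131), here is one way the opt-in check discussed in this thread could be run offline over a source tree instead of at runtime: it flags identifiers that use a script outside an explicitly allowed set. The names `char_script` and `audit_identifiers` are hypothetical, and the script label is a heuristic taken from the first word of each character's Unicode name.

```python
import io
import tokenize
import unicodedata


def char_script(ch):
    """Rough script label for one character (heuristic, see lead-in)."""
    if ch.isascii():
        # ASCII letters are Latin; digits and "_" are script-neutral.
        return "LATIN" if ch.isalpha() else None
    # Assumption: the first word of the Unicode name approximates the script,
    # e.g. "GREEK SMALL LETTER ALPHA" -> "GREEK".
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def audit_identifiers(source, allowed=frozenset({"LATIN"})):
    """Return (line, identifier, disallowed_scripts) for each offending name.

    Only NAME tokens are inspected, so non-ASCII text in strings and
    comments is not reported.
    """
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME:
            continue
        scripts = {char_script(c) for c in tok.string} - {None}
        disallowed = sorted(scripts - set(allowed))
        if disallowed:
            findings.append((tok.start[0], tok.string, disallowed))
    return findings


# Constructed sample: line 2 has a Cyrillic "o" (U+043E) pasted into "total",
# line 3 uses a Greek identifier on purpose.
SAMPLE = (
    "total = 0\n"
    "t\u043etal = total + 1\n"
    "\u03b1 = 2  # comment with \u65e5\u672c\u8a9e is ignored\n"
)

if __name__ == "__main__":
    for line, name, scripts in audit_identifiers(SAMPLE):
        print(f"line {line}: {name!a} uses {', '.join(scripts)}")
```

Passing `allowed={"LATIN", "GREEK"}` records the explicit project decision to accept Greek names, leaving only the pasted Cyrillic character reported.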

