[Python-Dev] Thoughts fresh after EuroPython

Guido van Rossum guido at python.org
Mon Jul 26 16:55:58 CEST 2010


On Mon, Jul 26, 2010 at 7:36 AM, Stefan Behnel <stefan_ml at behnel.de> wrote:
> geremy condra, 26.07.2010 16:29:
>>
>> I've noticed that I don't have a lot of success in shifting this kind
>> of debate, so I'm not sure it's a good idea to publicly discuss
>> vulnerabilities in something that may wind up being implemented as-is,
>> but it's up to you guys.
>
> Hmm, security by obscurity? That's a good idea. Let's do that more often.

FWIW, security by obscurity has a bad rep in some circles, but it is
an essential component of any serious security policy. It just should
never be the *only* component. (In fact, any serious security policy
should have multiple disparate components.)

In this case, it looks like (a) the cat is already out of the bag, and
(b) it's easy to figure out from the PEPs where the vulnerabilities
lie, so I don't think we'll gain much by shushing it up.

-- 
--Guido van Rossum (python.org/~guido)

