PEP 3131: Supporting Non-ASCII Identifiers
Alex Martelli
aleax at mac.com
Mon May 14 02:00:17 EDT 2007
Aldo Cortesi <aldo at nullcube.com> wrote:
> Thus spake Steven D'Aprano (steven at REMOVE.THIS.cybersource.com.au):
>
> > If you're relying on cursory visual inspection to recognize harmful code,
> > you're already vulnerable to trojans.
>
> What a daft thing to say. How do YOU recognize harmful code in a patch
> submission? Perhaps you blindly apply patches, and then run your test suite on
> a quarantined system, with an instrumented operating system to allow you to
> trace process execution, and then perform a few weeks worth of analysis on the
> data?
>
> Me, I try to understand a patch by reading it. Call me old-fashioned.
I concur, Aldo. Indeed, if I _can't_ be sure I understand a patch, I
don't accept it -- I ask the submitter to make it clearer.
Homoglyphs would ensure I could _never_ be sure I understand a patch,
without at least running it through some transliteration tool. I don't
think the world of open source needs this extra hurdle in its path.
Alex
More information about the Python-list
mailing list