Ah Python, you have spoiled me for all other languages

Chris Angelico rosuav at gmail.com
Mon May 25 07:09:03 EDT 2015


On Mon, May 25, 2015 at 7:39 PM, Laura Creighton <lac at openend.se> wrote:
> What people need to understand is that unless you want to stamp out
> freedom altogether, there will be crime.

Or stamp out legislation altogether and have complete anarchy. There's
no such thing as crime among animals, because there's no law beyond
"survive".

The solution isn't to try to eliminate crime, but to cope with it.
Same with our own errors: accept and acknowledge that you WILL make
mistakes, and cope with that. In a spiritual sense, that might define
your religion; in a programming sense, that's exactly why we have
source control, so we can find out what happened (and why) and fix
problems once we find them. Would you use a program that got launched
as version 1 and never changed? Would you trust it on the basis that
it clearly has no bugs, because nobody's ever needed to fix any? I
certainly wouldn't.

Some things work well centralized, because differences are worse than
slight benefits one way or another. In any given country, we usually
all drive on the same side of the road. But a lot of things work
better *de*centralized, so that if one person makes a mistake, other
people can do things differently, and hindsight evaluation lets us
choose which one to encourage. PyPI is decentralized; the Python
standard library is centralized. The guardians of the latter are
rightly slow to choose from multiple alternatives, preferring to let
the decentralized collective mind of the former figure out which is
the clear best - if there even is one.

The best form of security is probably the GPG web of trust, being
fundamentally decentralized and based on personal reputation. Imagine
if, once you register a domain, you go talk to someone about getting a
GPG key signed for it - or, better still, sign the server's key
yourself, if you have a decent WoT for your own key (which I don't).
It wouldn't be hard to use self-signed SSL certificates, sign those
certs with a GPG key, and then let people download and install certs
for anyone they consider trustworthy. In fact, this seems so obvious
that I'm sure it's already been done. Trouble is, GPG isn't nearly
well enough known for mass use... but it is going to be a lot more
reliable than anything that depends on four countries' governments [1]
agreeing.

ChrisA

[1] Yes, technically the United States of Europe is not a country. But
just how structurally different is it from the United States of
America?


