Guido van Rossum <guido@python.org>:
> First of all, reST is going to be used a lot in Zope3. Maybe it could
> become a standard library module?

I'm unfamiliar with this issue.

> We can do that in Python 2.3. Because this is backwards incompatible,
> I propose that you have to request this protocol explicitly. I
> propose to "upgrade" the binary flag to a general "protocol version"
> flag, with values:
>
> 0 - original protocol
> 1 - binary protocol
> 2 - new protocol

+0. That is, I don't care but the change seems reasonable and harmless.

> I'd also like to get rid of __safe_for_unpickling__ and all other
> pseudo security features. Attempting to unpickle pickles from an
> untrusted source is insane, and nothing can help us there; I'd rather
> make the marshal protocol bulletproof (all it needs is a few more
> checks for inconsistent data and a little better error handling).

I do care about *this*, and it's the reason I'm responding. The `safety' feature always struck me as grubby and non-orthogonal, an attempt to patch over a problem that fundamentally cannot be solved at that level, and one that could only backfire by creating a false sense of security in people who weren't really thinking about the underlying difficulty. If we're going to have a sandboxing[1] facility in Python, it should be decoupled from pickling and more general.

+1. Scrap that feature, it was wrong to begin with.

-- 
<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>

[1] I just realized that `sandbox' in this sense isn't in the Jargon File. I'm off to add it...
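An added illustration, not part of the original message or of the Python source: a pickle stream itself names the globals to import and the calls to make at load time, which is why a per-class flag cannot bound what loading does. The sketch below uses the standard `pickletools.genops` to list those opcodes without executing the stream; `audit_pickle`, `is_plain_data` and the sample bytes are constructed for this example, and the `STACK_GLOBAL` name recovery is a heuristic.

```python
import pickle
import pickletools

# Opcodes that make the unpickler call or construct something at load time.
CALLING = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD",
           "EXT1", "EXT2", "EXT4"}


def audit_pickle(data: bytes) -> dict:
    """List imports and call opcodes in a pickle without loading it."""
    imports, calls, strings = [], [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            # Argument is "module name" joined by a single space.
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Heuristic: module and name are the last two strings pushed.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            imports.append(pair)
        elif isinstance(arg, str):
            strings.append(arg)
        if op.name in CALLING:
            calls.append(op.name)
    return {"imports": imports, "calls": calls}


def is_plain_data(data: bytes) -> bool:
    """True only if the stream imports nothing and calls nothing."""
    report = audit_pickle(data)
    return not report["imports"] and not report["calls"]


# Constructed protocol 0 stream: loading it would call builtins.len('abc').
CONSTRUCTED = b"cbuiltins\nlen\n(S'abc'\ntR."

# Constructed plain-data sample, written with protocol version 2.
PLAIN = pickle.dumps({"user": "alice", "roles": ["admin"], "n": 3}, protocol=2)

if __name__ == "__main__":
    print(audit_pickle(CONSTRUCTED))
    print(is_plain_data(PLAIN))
```

The audit only reports what the stream asks for; it does not make loading the stream safe.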