On Mon, Jul 26, 2010 at 7:36 AM, Stefan Behnel <stefan_ml at behnel.de> wrote: > geremy condra, 26.07.2010 16:29: >> >> I've noticed that I don't have a lot of success in shifting this kind >> of debate, so I'm not sure it's a good idea to publicly discuss >> vulnerabilities in something that may wind up being implemented as-is, >> but it's up to you guys. > > Hmm, security by obscurity? That's a good idea. Let's do that more often. FWIW, security by obscurity has a bad rep in some circles, but it is an essential component of any serious security policy. It just should never be the *only* component. (In fact, any serious security policy should have multiple disparate components.) In this case, it looks like (a) the cat is already out of the bag, and (b) it's easy to figure out from the PEPs where the vulnerabilities lie, so I don't think we'll gain much by shushing it up. -- --Guido van Rossum (python.org/~guido)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4