On Sun, Nov 21, 2010 at 2:06 AM, Michael Foord <fuzzyman at voidspace.org.uk> wrote: >> I'll see if I'm still of the same opinion after I sleep on it, but my >> first impression of the docs was that they slightly oversold the >> strength of the "doesn't execute arbitrary code" aspect of the new >> function. The existing caveats were all relating to when getattr() and >> getattr_static() might give different answers, while the additional >> caveats I was suggesting related to cases where arbitrary code may >> still be executed. > > I'm happy to change the wording to make the promise less strong. Your latest changes may have actually made the stronger wording accurate (I certainly can't think of any loopholes off the top of my head). If you did still want to soften the wording, I'd be inclined to replace the word "avoids" with "minimises" in the appropriate places. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4