@Benjamin hm I didn't think about the barriers between the VM and the C(/++) abi. Btw iron python also runs on the mono cli.. so it's not really a problem as far as cross platform is concerned.
@Campbell "Blender will continue to go with option #1, (allow security hole to exist), rather then switch language/language implementation." As far as team resources go it would probably make the most sense at this point, but it's still something to address. Even if blender does nothing but push the CPython team to work on security for future releases, it still a security hole. Luckily, python isn't a popular attack vector yet. What about checking MD5 hashes on core scripts and having a command line option to shut down all other scripts? That way if there is a bad script, a user still has the ability to open a file to try and extract useful data. _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
