Michael Hudson wrote:
> Gary Poster wrote:
>> Hi all.
>>
>> Many moons ago, during a review, Barry and I talked about the way we do
>> security in our view code. I felt that neither the purpose nor the
>> rules for our security story were crystal clear. This led to a
>> discussion in the reviewers meeting, and an action item for me to bring
>> up the discussion with the whole team.
>>
>> It's been so long that I strongly suspect I will miss some important
>> parts of the previous discussions, for which I apologize in advance.
>> Hopefully others will be willing to repeat their past corrections and
>> additions of what I write.
>>
>> So here's my understanding of where we are. Please correct and comment!
>
> It looks pretty accurate to me.
>
>> - An import fascist controls what can be imported. You may only import
>> code in a module's __all__. This actually affects all code, not just
>> view code.
>
> I do wonder what the import fascist buys us these days.
>
> It used to, at least, prevent one from importing database code into
> non-database code, which would have been another way to punch through
> our security, and indeed I thought that was more of the point than the
> __all__ business. It doesn't look like this got updated to prevent
> lp.foo.browser.bar importing from lp.baz.model.quux though, and I don't
> think we've missed it.

That said, the use of the naked SourcePackage class at
branchlisting.py:1663 is at least a bit dodgy. Maybe we should update
the fascist...

Cheers,
mwh

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help   : https://help.launchpad.net/ListHelp
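
The two rules discussed in this thread (imports limited to a module's `__all__`, and view code kept away from database code), sketched as an added example; it is not Launchpad's import fascist and not code from either poster. The module names `lp.foo.browser.bar` and `lp.baz.model.quux` are the placeholders used in the message; `guarded_import`, `ImportPolicyError`, `PublicThing`, `NakedClass` and the stand-in modules are constructed for illustration.

```python
import builtins
import re
import sys
import types

_real_import = builtins.__import__
# Assumed layering rule: lp.<app>.browser.* must not import lp.<app>.model.*
_VIEW = re.compile(r"^lp\.\w+\.browser(\.|$)")
_DB = re.compile(r"^lp\.\w+\.model(\.|$)")


class ImportPolicyError(ImportError):
    """Raised when an import breaks the policy (hypothetical name)."""


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    importer = (globals or {}).get("__name__", "")
    # Rule 1: refuse view -> database imports before the target even loads.
    if _VIEW.match(importer) and _DB.match(name):
        raise ImportPolicyError(f"{importer} may not import database code {name}")
    module = _real_import(name, globals, locals, fromlist, level)
    # Rule 2: "from lp.x import y" may only name things listed in __all__.
    # Relative imports (level > 0) and modules without __all__ are not checked.
    exported = getattr(module, "__all__", None)
    if level == 0 and name.startswith("lp.") and fromlist and exported is not None:
        for item in fromlist:
            is_submodule = f"{name}.{item}" in sys.modules
            if item != "*" and item not in exported and not is_submodule:
                raise ImportPolicyError(f"{item} is not in {name}.__all__")
    return module


def install():
    """Route every import statement in the process through the policy."""
    builtins.__import__ = guarded_import


def make_sample_modules():
    """Register constructed stand-in modules so the example runs offline."""
    for path in ("lp", "lp.baz", "lp.baz.model"):
        sys.modules.setdefault(path, types.ModuleType(path))
    mod = types.ModuleType("lp.baz.model.quux")
    mod.__all__ = ["PublicThing"]                 # constructed exported name
    mod.PublicThing = object()
    mod.NakedClass = type("NakedClass", (), {})   # present but not exported
    sys.modules[mod.__name__] = mod
    return mod
```

The hook only sees `import` statements; a caller that already holds the module object can still reach unexported names with `getattr`, so this is a convention check rather than a security boundary on its own.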

