On Jul 30, 2009, at 12:50 AM, Michael Hudson wrote:
Michael Hudson wrote:
Gary Poster wrote:
...
- An import fascist controls what can be imported. You may only
import
code in a module's __all__. This actually affects all code, not
just
view code.
I do wonder what the import fascist buys us these days.
It used to, at least, prevent one from importing database code into
non-database code, which would have been another way to punch through
our security, and indeed I thought that was more of the point than
the
__all__ business.
Actually, I had that impression as well, but as you say, it didn't
seem to be doing that any more...
It doesn't look like this got updated to prevent
lp.foo.browser.bar importing from lp.baz.model.quux though, and I
don't
think we've missed it.
That said, the use of the naked SourcePackage class at
branchlisting.py:1663 is at least a bit dodgy. Maybe we should update
the facist...
I've had similar thoughts--i.e., maybe the import fascist should die,
or maybe it should be made more effective. I do think it should be
one or the other.
What do others think? Should we kill the import fascist? Or try to
make it better enforce the things we care about? Or is it fine as is?
This could be a reviewer meeting question too, but I'll try it here
first. :-)
Gary
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help : https://help.launchpad.net/ListHelp
