On 4/20/06, Jan Claeys <[EMAIL PROTECTED]> wrote:
> A man-in-the-middle-attack and other ways to "inject" a different module
> than intended by the author are also possible with the current default
> filesystem based imports, so I don't think that's a good argument
> against http-imports (or other similar extensions to import).

Do you know much about security? If it's not safe to go out at night in your neighborhood, do you use that as an argument that you also shouldn't get out of bed at night to go to the bathroom?

Trusting my local disk is asking a lot less than trusting the entire internet. If my machine has been compromised ALL bets are off and I might as well worry about whether 1+1 is still 2.

There are many ways to reach a sufficient level of trust in a machine you own (although a small amount of paranoia is fine). But regarding the internet, the only way to survive is a healthy dose of paranoia, combined with state of the art encryption and authentication etc.

(And yes, I know for a fact there are no monsters under my bed. I asked, and they said "no". :-)

--
--Guido van Rossum (home page: http://www.python.org/~guido/)
_______________________________________________
Python-3000 mailing list
Python-3000@python.org
http://mail.python.org/mailman/listinfo/python-3000