Lie Ryan wrote:
> Tres Seaver wrote:
>> Paul Moore wrote:
>>> 2009/3/13 Chris Withers <ch...@simplistix.co.uk>:
>>>> If a decent package management system *was* included, this wouldn't be an
>>>> issue..
>>> Remember that a "decent package management system" needs to handle
>>> filling in all the forms and arranging approvals to get authorisation
>>> for packages when you download them.
>>>
>>> And no, I'm *not* joking. People in a locked-down corporate
>>> environment really do benefit from just having to get the OK for
>>> "Python", and then knowing that they have all they need.
>> You are plainly joking: nothing in Python should know or care about the
>> various bureaucratic insanities in some workplaces. Given the
>> *existing* stdlib and network connectivity, nothing any corporate
>> security blackshirt can do will prevent an even moderately-motivated
>> person from executing arbitrary code downloaded from elsewhere. In that
>> case, what is the point in trying to help those who impose such craziness?
>
> I (and most people, I presume) would not run an arbitrary program
> downloaded from somewhere else on a corporate server that holds a lot of
> important customer data, even when there is no technical or even
> bureaucratic restriction. Maybe I will sneak around on a workstation, but
> definitely not on the server, especially if I love my job and want to
> keep it (I'm a student though, so that applies to me in the future).
I'm not arguing that employees should violate their employers' policies:
I'm arguing that Python itself shouldn't try to cater to such policies.
Note that I'm not talking about running code pushed on me by malware
authors, either: I'm talking about "ordinary" software development
activities like using a script from a cookbook, or using a well-tested
and supported library, rather than NIH.

Given that the out-of-the-box Python install already has facilities for
retrieving text over the net and executing that text, the notion of
"locking down" a machine to include only the bits installed in the stock
Python install is just "security theatre;" such a machine shouldn't have
Python installed at all (nor a C compiler, etc.)

Tres.

--
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
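The claim above, that a stock Python install can already retrieve text over the net and run it, shown as an added example that is not code from this thread or from Python itself. It stands up a throwaway loopback HTTP server serving a constructed two-line "cookbook" script, fetches and executes that script with nothing but the standard library, and registers a CPython audit hook (sys.addaudithook, Python 3.8+, which did not exist when this was written) to record the urllib.Request, compile and exec events the round-trip fires. The server, the served script and the FILENAME tag are assumptions made for the demo. The hook is the practitioner's caveat: if the goal is enforcement rather than theatre, the interpreter's audit events are the control point at which download-and-run can actually be observed or refused.

```python
"""Added example, not code from the Python-Dev thread: a stdlib-only
"fetch text over the net and execute it" round-trip, plus what a CPython
audit hook (sys.addaudithook, Python 3.8+) sees while it happens.

Constructed for the demo: the loopback HTTP server, the served script,
and the FILENAME tag used to recognise our own compile/exec events.
"""
import socketserver
import sys
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler

# Constructed stand-in for "a script from a cookbook" hosted on some web server.
REMOTE_SCRIPT = b"def answer():\n    return 6 * 7\n"
# Pseudo-filename attached when compiling the fetched text, so the hook can
# tell our download-and-run apart from the interpreter's own compiles/execs.
FILENAME = "<fetched cookbook.py>"

AUDIT_LOG = []  # (event, detail) pairs recorded by the hook below


def _audit(event, args):
    """Audit hook. It only observes here; raising from it would refuse the call."""
    try:
        if event == "urllib.Request" and str(args[0]).startswith("http://127.0.0.1:"):
            AUDIT_LOG.append((event, args[0]))          # args: fullurl, data, headers, method
        elif event == "compile" and args[1] == FILENAME:
            AUDIT_LOG.append((event, FILENAME))         # args: source, filename
        elif event == "exec" and getattr(args[0], "co_filename", None) == FILENAME:
            AUDIT_LOG.append((event, FILENAME))         # args: code object
    except Exception:
        pass  # never let the hook itself break the interpreter


sys.addaudithook(_audit)  # hooks cannot be removed once installed


class _Handler(BaseHTTPRequestHandler):
    """Serves REMOTE_SCRIPT for any GET; stands in for the remote cookbook site."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(REMOTE_SCRIPT)))
        self.end_headers()
        self.wfile.write(REMOTE_SCRIPT)

    def log_message(self, *_args):
        pass  # keep the demo quiet


def start_server():
    """Start a throwaway loopback HTTP server on a free port. Returns (url, server)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}/cookbook.py", srv


def fetch_and_exec(url):
    """The stdlib-only capability the email refers to: urllib fetches the text,
    compile()/exec() run it. Returns (namespace, list of audit events seen)."""
    AUDIT_LOG.clear()
    with urllib.request.urlopen(url, timeout=5) as resp:
        source = resp.read().decode("utf-8")
    code = compile(source, FILENAME, "exec")
    namespace = {}
    exec(code, namespace)
    return namespace, [event for event, _ in AUDIT_LOG]


def demo():
    """Run the round-trip against the local server; returns (result, events)."""
    url, srv = start_server()
    try:
        namespace, events = fetch_and_exec(url)
    finally:
        srv.shutdown()
        srv.server_close()
    return namespace["answer"](), events


if __name__ == "__main__":
    result, events = demo()
    print(result, events)  # 42 ['urllib.Request', 'compile', 'exec']
```

Run directly, it prints 42 followed by the three event names, in the order they fired. An observing hook is only as strong as the process that installed it: a user who can start Python can start one without the hook, so the hook is a detection and policy point for code you control the entry of, not a substitute for deciding whether the interpreter belongs on the box at all.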