Am 23.04.2012 15:05, schrieb Kristján Valur Jónsson: > IMHO, we are _much_ too generous at applying this to almost whatever > gets exposed between .c files. I have created something called the > "restricted" api for our custom python27.dll where I use different > macros (PyAPI_RFUNC, pyAPI_RDATA) to mean that things aren't exported > for "restricted" builds. We use it to remove some of the easier > access points to the dll for hackers to exploit. > > Also, once declared exported this way, things become more bothersome > to remove again, since once could always argue that someone out there > is using these thigns.
For this, PyAPI_FUNC doesn't really matter. A symbol that is listed in the header file is available on Unix even without such a declaration, so listing it in the public header file is already the step that makes it public, not specifying it as PyAPI_FUNC. I agree that too much API is public, but the right approach is to rename such API to _Py*, indicating to users that we don't want them to use it. For existing API, that's tricky; for new API, I think it should be private by default. See also PEP 384. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
