On 01/22/2014 05:16 AM, M.-A. Lemburg wrote:
> On 22.01.2014 13:43, Jesse Noller wrote:
>>
>> Donald is perfectly right: today, it's trivial to MITM an application
>> that relies off of the current behavior; this is bad news bears for
>> users and developers as it means they need domain knowledge to secure
>> their applications by default they may not have.
>
> I don't think you need much domain knowledge to insert
> a single line of code into applications to enable the checks.

I find myself on the "dumb user" side of this argument, and I think it is much like the str/unicode transition of 3.0 -- which is to say, there are many who didn't understand unicode until forced to by 3.0, and likewise there will be many who don't understand security until forced to by enabling this new feature. One big difference is it's possible to opt-out of this security feature (which is a good thing, considering all the ill-configured systems out there).

--
~Ethan~