Nick Coghlan writes:

> As you point out, most language development teams do very little to
> try to educate their users about security issues.

That's partly because it isn't going to be terribly effective. Security is a difficult subject, not one that's going to be usefully treated in a couple of lines here, a couple more there. And it is generally an application issue, not one that is specific to individual features.

If we're serious about this, I suggest following the RFC pattern: *every* module's documentation should have a "Security Considerations" section. Probably the content will be basically the same as the existing warning boxes, but with a consistent approach throughout the docs it could convey the importance of always thinking about security.

> The consequences of that are clearly visible in the world around
> us: when security is treated as an optional afterthought,

But (FWIW) that's what warning boxes look like to me. An afterthought. Not a systematic attempt to encourage security by teaching about secure programming. By your own words, we are nowhere close to a world where "a word, to the wise, is sufficient."