On Mon, 17 Jul 2017 at 19:26 Nathaniel Smith <n...@pobox.com> wrote: > On Jul 17, 2017 5:28 PM, "Steven D'Aprano" <st...@pearwood.info> wrote: > > On Mon, Jul 17, 2017 at 09:31:20PM +0000, Brett Cannon wrote: > > > As for removing exec() as a goal, I'll back up Christian's point and the > > one Steve made at the language summit that removing the use of exec() > from > > the critical path in Python is a laudable goal from a security > perspective. > > I'm sorry, I don't understand this point. What do you mean by "critical > path"? > > Is the intention to remove exec from builtins? From the entire language? > If not, how does its use in namedtuple introduce a security problem? > > > I think the intention is to allow users with a certain kind of security > requirement to opt in to a restricted version of the language that doesn't > support exec. This is difficult if the stdlib is calling exec all over the > place. But nobody is suggesting to change the language in regular usage, > just provide another option. >
What Nathaniel said. :)
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
