On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum <gu...@python.org> wrote:
> On Wed, Nov 15, 2017 at 6:37 PM, Armin Rigo <armin.r...@gmail.com> wrote: > >> Hi, >> >> On 14 November 2017 at 14:55, Jan Claeys <li...@janc.be> wrote: >> > Sounds like https://www.iso.org/standard/71094.html >> > which is updating https://www.iso.org/standard/61457.html >> > (which you can download from there if you search a bit; clearly either >> > ISO doesn't have a UI/UX "standard" or they aren't following it...) >> >> Just for completeness, I think that what you can download for free >> from that second page only contains the first few sections ("Terms and >> definitions"). It doesn't even go to "Purpose of this technical >> report"---we need to pay $200 just to learn what the purpose is... >> >> *Shrug* >> > > Actually it linked to http://standards.iso.org/ittf/ > PubliclyAvailableStandards/index.html from which I managed to download > what looks like the complete c061457_ISO_IEC_TR_24772_2013.pdf (336 > pages) after clicking on an "I accept" button (I didn't read what I > accepted :-). The $200 is for the printed copy I presume. > So far I learned one thing from the report. They use the term "vulnerabilities" liberally, defining it essentially as "bug": All programming languages contain constructs that are incompletely > specified, exhibit undefined behaviour, are implementation-dependent, or > are difficult to use correctly. The use of those constructs may therefore > give rise to *vulnerabilities*, as a result of which, software programs > can execute differently than intended by the writer. > They then go on to explain that sometimes vulnerabilities can be exploited, but I object to calling all bugs vulnerabilities -- that's just using a scary word to get attention for a sleep-inducing document containing such gems as "Use floating-point arithmetic only when absolutely needed" (page 230). -- --Guido van Rossum (python.org/~guido)
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
