Inviato da iPhone
> Il giorno 17 ott 2016, alle ore 11:19, Nathan Woodrow <madman...@gmail.com>
> ha scritto:
> For context from here: https://lwn.net/Articles/574215/
> "I now agree that putting a sandbox in CPython is the wrong design. There are
> too many ways to escape the untrusted namespace using the various
> introspection features of the Python language. To guarantee the [safety] of a
> security product, the code should be [carefully] audited and the code to
> review must be as small as possible. Using pysandbox, the "code" is the whole
> Python core which is a really huge code base. For example, the Python and
> Objects directories of Python 3.4 contain more than 126,000 lines of C code.
> The security of pysandbox is the security of its weakest part. A single bug
> is enough to escape the whole sandbox."
Correct. In fact I am talking about this other:
pypy.org and its sandboxing, that is:
that reports the interesting issues you can have with other solutions, as
CPython, for example.
Do you have read it ? If not, good reading :)
>> On Mon, Oct 17, 2016 at 7:17 PM, Nathan Woodrow <madman...@gmail.com> wrote:
>> Honestly, this is getting tiresome.
>> If you don't like the approval processes that we have in place currently you
>> can create a new plugin repo, it's just an XML file exposed via webserver,
>> there are docs around for it.
>> You can give this URL to people and they can install your plugins via that.
>> If you don't want to do that, then you will have to go through the approval
>> process. I'm sure there are reasons it took longer than normal, maybe
>> review those first.
>> If you want to follow the sandboxed Python route and see how far you get
>> fine, however again I suspect you are in for a long road given the complex
>> nature of that and you would still have to
>> be able to support what we can in core, etc.
>> - Nathan
>>> On Mon, Oct 17, 2016 at 6:31 PM, Geo DrinX <geodr...@gmail.com> wrote:
>>> 2016-10-17 10:19 GMT+02:00 Nathan Woodrow <madman...@gmail.com>:
>>>> Qgis uses CPython. You also have to sandbox Qt, so I suspect you are
>>>> running into a lot of dead ends.
>>> Thank you for the suggestion. We will see who is moving in dead ends. :)
>>> I am the crow's nest of the ship and I am experiencing the arrival of the
>>> And I hear the orchestra playing :)
>>> Best regards and wishes for a safe journey. ;)
>>> PS: and then if you want to exit from the one direction maze you are
>>> going, here I am.
>>> PPS: in the meantime, take a look of this competition:
Qgis-developer mailing list
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer