Inviato da iPhone

> Il giorno 17 ott 2016, alle ore 11:19, Nathan Woodrow <madman...@gmail.com> 
> ha scritto:
> 
> For context from here: https://lwn.net/Articles/574215/
> 
> "I now agree that putting a sandbox in CPython is the wrong design. There are 
> too many ways to escape the untrusted namespace using the various 
> introspection features of the Python language. To guarantee the [safety] of a 
> security product, the code should be [carefully] audited and the code to 
> review must be as small as possible. Using pysandbox, the "code" is the whole 
> Python core which is a really huge code base. For example, the Python and 
> Objects directories of Python 3.4 contain more than 126,000 lines of C code.
> The security of pysandbox is the security of its weakest part. A single bug 
> is enough to escape the whole sandbox."

Correct.  In fact I am talking about this other:

pypy.org  and its sandboxing, that is:
http://doc.pypy.org/en/latest/sandbox.html?highlight=Sandboxing

that reports the interesting issues you can have with other solutions, as 
CPython, for example. 
Do you have read it ?  If not, good reading  :)


> 
> 
>> On Mon, Oct 17, 2016 at 7:17 PM, Nathan Woodrow <madman...@gmail.com> wrote:
>> Honestly, this is getting tiresome. 
>> 
>> If you don't like the approval processes that we have in place currently you 
>> can create a new plugin repo, it's just an XML file exposed via webserver, 
>> there are docs around for it. 
>> 
>> You can give this URL to people and they can install your plugins via that.
>> 
>> If you don't want to do that, then you will have to go through the approval 
>> process.  I'm sure there are reasons it took longer than normal, maybe 
>> review those first.
>> 
>> If you want to follow the sandboxed Python route and see how far you get 
>> fine, however again I suspect you are in for a long road given the complex 
>> nature of that and you would still have to
>> be able to support what we can in core, etc.  
>> 
>> - Nathan
>> 
>> 
>>> On Mon, Oct 17, 2016 at 6:31 PM, Geo DrinX <geodr...@gmail.com> wrote:
>>> 
>>> 
>>> 2016-10-17 10:19 GMT+02:00 Nathan Woodrow <madman...@gmail.com>:
>>>> Qgis uses CPython. You also have to sandbox Qt, so I suspect you are 
>>>> running into a lot of dead ends.
>>>> 
>>> 
>>> Thank you for the suggestion.  We will see who is moving in dead ends.   :)
>>> 
>>> I am the crow's nest of the ship and I am experiencing the arrival of the 
>>> iceberg. 
>>> And I hear the orchestra playing :)
>>> 
>>>  
>>> Best regards and wishes for a safe journey.   ;)
>>> 
>>> 
>>> Geo
>>> 
>>> PS:  and then if you want to exit from the one direction maze you are 
>>> going,  here I am.
>>> PPS:  in the meantime, take a look of this competition:    
>>> https://goo.gl/WR8LVF
>> 
> 
_______________________________________________
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

Reply via email to