If I were an administrator of a computer network at an industrial, governmental, or educational operation, I would not want people downloading risky software to their workstations. Theft of passwords, confidential information, access to health, financial, accounts etc is a growing concern. It's not that anything has necessarily changed technically, just there's more attention to this security issue.
It has been policy for years now, that you cannot even take your laptop computer into some (US) government offices. I don't know of any workable solutions (and only one not-so-workable one involving a trusted virtual machine). RJF On Thursday, September 14, 2017 at 6:21:28 AM UTC-7, kcrisman wrote: > > > > On Wednesday, September 13, 2017 at 4:35:38 PM UTC-4, Jeroen Demeyer wrote: >> >> On 2017-09-13 21:56, rjf wrote: >> > Just because a package builds, loads, and passes some tests >> > doesn't mean that it also includes some security attack. >> > Does anyone care about / have any useful thoughts about /. that? >> >> What would security even mean for a mathematics program? Sage is not >> meant for security, so your question makes little sense. >> > > Well, in principle someone could use a bug in an outside program to hack > into Sage, and then use that to gain access (e.g. via Sage shell abilities > or os.* in Python) to gain access to a system, right? I agree that it's > relatively unlikely compared to the likelihood of a Sage user clicking on a > phishing link. > -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
