Nick Coghlan writes:
> As you point out, most language development teams do very little to
> try to educate their users about security issues.
That's partly because it isn't going to be terribly effective.
Security is a difficult subject, not one that's going to be usefully
treated in a couple
[Raymond Hettinger]
> ...
> I'm not all at comfortable with the wording of the second sentence.
> I was the author of the SystemRandom() class and I only want
> to guarantee that it provides access to the operating system's
> source of random numbers. It is a bold claim to guarantee that
> it is cr
On May 10, 2014, at 4:15 PM, Stefan Behnel wrote:
> Total +1 on keeping these little bits around.
Since all of you want a warning, I'll add one back
but with improved wording.
I'm not all at comfortable with the wording of the second sentence.
I was the author of the SystemRandom() class and I
Nick Coghlan, 11.05.2014 01:01:
> As you point out, most language development teams do very little to try to
> educate their users about security issues. The consequences of that are
> clearly visible in the world around us: when security is treated as an
> optional afterthought, you get widespread
On 11 May 2014 08:24, "Raymond Hettinger"
wrote:
>
> Before proceeding further with stamping distracting security
> warnings all over the module documentation, we should look
> to other languages to see what others have found necessary.
> This warning does not appear anywhere else I've looked
> (M
Hi,
On Sun, May 11, 2014 at 12:35 AM, Raymond Hettinger
wrote:
>
> On May 10, 2014, at 2:18 PM, Alex Gaynor wrote:
>
> I think this change is a considerable usability regression for the
> documentation. Right now the warnings about CSPRNGs are hidden in the
> introductory paragraph, which users
Give it up, Raymond.
On Saturday, May 10, 2014, Raymond Hettinger
wrote:
>
> On May 10, 2014, at 2:54 PM, Antoine Pitrou
> >
> wrote:
>
> It's not about being bright or not, it's about being
> *willing* to eat walls of text. However pleasant it may be for some
> people to *write* documentation,
On May 10, 2014, at 2:54 PM, Antoine Pitrou wrote:
> It's not about being bright or not, it's about being
> *willing* to eat walls of text. However pleasant it may be for some
> people to *write* documentation, for most readers (and especially
> non-native English readers, who read more slowly a
On May 10, 2014, at 6:10 PM, Nick Coghlan wrote:
>
> On 11 May 2014 07:37, "Raymond Hettinger" wrote:
> >
> >
> > On May 10, 2014, at 2:18 PM, Alex Gaynor wrote:
> >
> >> I think this change is a considerable usability regression for the
> >> documentation. Right now the warnings about CSPRN
On 11 May 2014 07:37, "Raymond Hettinger"
wrote:
>
>
> On May 10, 2014, at 2:18 PM, Alex Gaynor wrote:
>
>> I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
introductory paragraph, which users are likely to sk
On Sat, 10 May 2014 14:35:38 -0700
Raymond Hettinger wrote:
>
> In the past couple of years, we've grown an unfortunate tendency
> to fill the docs with big warning boxes (the subprocess docs are
> an example of implicitly communicating that the module is dangerous
> and unusable).
>
> The prefe
On May 10, 2014, at 2:18 PM, Alex Gaynor wrote:
> I think this change is a considerable usability regression for the
> documentation. Right now the warnings about CSPRNGs are hidden in the
> introductory paragraph, which users are likely to skip
In the past couple of years, we've grown an un
Hi python-dev and Raymond,
I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
introductory paragraph, which users are likely to skip. I agree that
there's no need to repeat the same advice twice, but I'd much rat
13 matches
Mail list logo