On Wed, Nov 8, 2017 at 10:58 AM, Chris Barker - NOAA Federal
wrote:
>
>
> But the point is that the compiler is recursive, and processing nested
> constructs consumes the C stack. There are some guards against too deep
> recursion (2.7 has less guards and more vulnerable),
Hi,
The dangers of eval and exec are obvious and well known to advanced users,
but the availability as built-in functions makes it too tempting for
beginners or even medium-level programmers. You can see questions about
these function pretty often in stackoverflow (roughly once a day
On Mon, Nov 6, 2017 at 10:36 PM, Stéfane Fermigier wrote:
>
>
> On Tue, Nov 7, 2017 at 2:58 AM, Guido van Rossum wrote:
>
>> On Mon, Nov 6, 2017 at 2:34 AM, Stéfane Fermigier
>> wrote:
>>
>>> 4) 10 years ago, when I was working on the
On 7 November 2017 at 20:38, Chris Barker wrote:
> On Tue, Nov 7, 2017 at 5:04 AM, Thomas Jollans wrote:
>>
>> As Ivan said earlier, perhaps the Windows installers should provide a
>> "python3" executable, so "python3 -m pip" works everywhere.
>
> absolutely!
07.11.17 16:41, Steven D'Aprano пише:
On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote:
07.11.17 12:29, אלעזר пише:
Also, it is unfortunate that `ast.literal_eval` is less accessible than
`builtins.eval`. Giving it an alias in builtins might make it easier for
programmers (and
On Tue, Nov 7, 2017 at 4:52 AM, Nick Coghlan wrote:
> Yes, going with "3.10", but encoding it as "3A" in lexically ambiguous
> contexts is another option that would let us get as far as 3.35 (aka
> "3Z") before encountering ambiguity problems.
>
No way. I call YAGNI on
On Wed, Nov 8, 2017 at 7:33 AM, Chris Barker wrote:
> On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote:
>> In any case, I think that securing literal_eval is much simpler than
>> securing eval:
>>
>> try:
>> # a thousand character expression
On Tue, Nov 7, 2017 at 5:04 AM, Thomas Jollans wrote:
>
> As Ivan said earlier, perhaps the Windows installers should provide a
> "python3" executable, so "python3 -m pip" works everywhere.
>
absolutely! I really, really thought it did (I'm amazed I never heard
from a single
On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote:
> The dangers of eval and exec are obvious and well known to advanced users,
> but the availability as built-in functions makes it too tempting for
> beginners or even medium-level programmers.
>
I find it dubious to claim that
On 7 November 2017 at 12:44, Nick Coghlan wrote:
>> - make sure the system path is correctly set
>
> Recent python.org Windows installers do this automatically, but there
> are unfortunately still lots of ways for things to go wrong.
I believe the latest installers switch it
On 6 November 2017 at 22:19, Stephan Houben wrote:
> 2017-11-06 12:53 GMT+01:00 Brice Parent :
>> I think the only problem we can reach here, not only in our lifetimes, but
>> in the next years, is not Python3.10 vs Python31.0 (Python3.x will be long
>>
On 2017-11-06 19:04, Michel Desmoulin wrote:
>
>> I don't see anything particularly bogging here.
>> It's always like this when you have multiple versions of the same
>> software on the system. There's only one PATH, after all.
>>
>> Heck, *the mere fact that Python allows to work like this is
On 07.11.2017 16:11, Paul Moore wrote:
It is, but like any such approach (Cygwin is similar, in principle if
not in execution) that makes one OS "look like" another, whether it's
appropriate is very dependent on circumstances. Training potential
Windows developers in a bash/Ubuntu style
On 7 November 2017 at 13:06, אלעזר wrote:
> On Tue, Nov 7, 2017 at 2:45 PM Nick Coghlan wrote:
>>
>> On 7 November 2017 at 03:52, Michel Desmoulin
>> wrote:
>>
>> > And assume that stuff in any tutorial you make they know this
07.11.17 12:29, אלעזר пише:
Also, it is unfortunate that `ast.literal_eval` is less accessible than
`builtins.eval`. Giving it an alias in builtins might make it easier for
programmers (and less scary - "ast" might sound like I need a PhD to use
it).
ast.literal_eval is not so safe as you
On 7 November 2017 at 03:52, Michel Desmoulin wrote:
>
>
> Le 06/11/2017 à 09:47, Nick Coghlan a écrit :
>> On 6 November 2017 at 16:47, Michel Desmoulin
>> wrote:
>>> I really want some people from this list to discuss here so we can find
On Tue, Nov 7, 2017 at 2:45 PM Nick Coghlan wrote:
> On 7 November 2017 at 03:52, Michel Desmoulin
> wrote:
> And assume that stuff in any tutorial you make they know this stuff.
> >
> > This is a strong barrier or entry IMO.
>
> Sure, but it's
On 2017-11-06 23:53, Ivan Pozdeev via Python-ideas wrote:
> On 07.11.2017 1:48, Chris Barker wrote:
>> On Mon, Nov 6, 2017 at 9:52 AM, Michel Desmoulin
>> > wrote:
>>
>> I know and you still:
>>
>> - have to use py -m on windows,
On Mon, Nov 6, 2017 at 5:27 PM, Barry Warsaw wrote:
>
> Guido van Rossum wrote:
>
> > This is beginning to sound like the most attractive solution. We could
> > possibly do away with typing_extensions. Are there precedents of how to
> > bundle a module in this way? Or is it
On 2017-11-07 08:29 AM, אלעזר wrote:
Hi,
The dangers of eval and exec are obvious and well known to advanced
users, but the availability as built-in functions makes it too
tempting for beginners or even medium-level programmers. You can see
questions about these function pretty often in
But the point is that the compiler is recursive, and processing nested
constructs consumes the C stack. There are some guards against too deep
recursion (2.7 has less guards and more vulnerable), but it is hard to
prove that all vulnerabilities are fixed.
Your method (limiting the size of the
:
On 7 November 2017 at 18:53, Guido van Rossum wrote:
> I find it dubious to claim that these functions are dangerous to beginners.
> The dangers are related to attacks on servers that are exposed to the
> internet and beginners have no business running servers.
I can't be
On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote:
> On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote:
>
> > The dangers of eval and exec are obvious and well known to advanced users,
> > but the availability as built-in functions makes it too tempting for
> >
On Tue, Nov 7, 2017 at 6:26 PM, Steven D'Aprano wrote:
> On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote:
> > On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote:
> >
> > > The dangers of eval and exec are obvious and well known to advanced
>
On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote:
> > >Also, it is unfortunate that `ast.literal_eval` is less accessible than
> > >`builtins.eval`. Giving it an alias in builtins might make it easier for
> > >programmers (and less scary - "ast" might sound like I need
On 07.11.2017 23:38, Chris Barker wrote:
with ensurepip, having pip no installed in a python is getting less
common, so maybe this isn't needed anymore, but
pip is problematic in environments that have their own package manager
(i.e. anything but bare Windows) because it doesn't honor its
One (smaller) suggestion on the PATH situation on Windows:
I noticed that Visual C++ Build Tools installs a number of "Command
prompts"
under its Start menu item, each of which starts a cmd.exe with appropriate
PATH
set to the appropriate compiler (32/64 bits or ARM cross-compiler), and
assorted
On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote:
> 07.11.17 12:29, אלעזר пише:
> >Also, it is unfortunate that `ast.literal_eval` is less accessible than
> >`builtins.eval`. Giving it an alias in builtins might make it easier for
> >programmers (and less scary - "ast" might
On 07.11.2017 18:34, Stephan Houben wrote:
One (smaller) suggestion on the PATH situation on Windows:
I noticed that Visual C++ Build Tools installs a number of "Command
prompts"
under its Start menu item, each of which starts a cmd.exe with
appropriate PATH
set to the appropriate compiler
29 matches
Mail list logo