Martijn Faassen wrote:
It's good to know we have some eyes on this particular topic. Thanks
Stephan! I talked to Chris about this at the EuroPython conference
after Chris started offering free beer and even bottles of champagne
for people who could point out flaws (beer) and submit fixes with
tests (champagne). Unfortunately for everybody now suddenly hopeful
this offer has since expired (nobody took him up on it during
EuroPython :).

...and unfortunately, from chatting with some of the PyPy guys, I set an unfair challenge too: you couldn't even iterate over [1,2,3] in the environment I set in the challenge.

The problem is that the module is poorly documented and tested. The docs on PyPI cover one specific use path and that's not even the one used by Zope 2's PythonScripts.

The PyPy guys are also of the opinion that the AST hacking is completely the wrong way to go about creating a restricted python environment. They gave an interesting lightning talk where they showed a truly restricted environment where you could still do all the "normal" python things except the provider of the restricted environment had to actively implement hooks for any c-level stuff to be do-able. They could also control the maximum amount of memory the restricted environment could consume, which is something we sorely miss in RestrictedPython.
(the code they were using is up here:
 ...and in particular:

I think the "right" thing to do here is engage with the PyPy guys on their mailing list:

...and work with their guidance to re-implement RestrictedPython in a way that doesn't use AST hacks. I suspect we'll likely end up with a much faster and more robust environment.

It would be great if, on the way, RestrictedPython was fully documented and tested...



Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to