Hanno Schlichting wrote:
> Stephan Richter wrote:
>> On Wednesday 15 October 2008, Sidnei da Silva wrote:
>>> I don't want to rain on your parade, but I already did a first pass at
>>> reviewing the changes in Python 2.5 and Python 2.6. There are no
>>> significant changes that I could spot so far. Apparently the major
>>> changes are:
>> I also did a review for Python 2.5 a while ago...
> So does this mean RestrictedPython just had a bad emotional status in
> the community, but it is actually well proven and reviewed now?

It has been reviewed by Jim for Python 2.4. When he did this, he wrote 
notes.txt which gives you a quick overview over the internals. The 
GSoC-sponsored efforts to port Zope 3 and Zope 2 to Python 2.5 included 
a review of RestrictedPython as well. As far as I can tell, the only 
changes to RestrictedPython were made by Sidnei a couple of days ago 
when he fixed it up for the new keywords in Python 2.6 and added some 
tests for features new in Python 2.5 and 2.6.

> I always was under the impression that Jim feared the code and the
> required security audit was perceived as a major painful undertaking.

It's certainly something that should be undertaken carefully. New 
syntactical features (such as the =+ operator in the past, or the 'with' 
statement or inplace 'if' now) have to be analyzed with respect to their 
bytecode. Bytecode changes have to be tracked as well.

It looks like Sidnei is on top of that already, though, which is 
certainly great to hear! Go Sidnei! :)
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to