On 22.01.2009 at 10:38, Chris Withers wrote:
> Stephan Richter wrote:
>> On Wednesday 21 January 2009, Andreas Jung wrote:
>>> - RestrictedPython security audit: such an audit has been made
>>> by Stefan and Sidnei. I am not qualified to speak about the
>>> correctness of the audit. I assume they know what they were
>>> doing. Unless objections one might consider this issue as
>>> resolved - if not, please speak up.
>>
>> Note that Jim never explained to me how he does these audits, but I
>> gathered some methods he used in conversations. I think I did a pretty
>> thorough job during the review.
>
> Yeah, this disturbs me a lot still though :-S
>
> It's a shame Jim has so little time to spend on this...

Take your hat and collect some money for hiring Jim :-)

> It's also a shame that no one seems to be able to get any sense out of
> the PyPy guys in this area...
>
> One thing that myself and Shane talked briefly about on this list was
> re-implementing the AST manipulation as disallow-by-default filter
> rather than a straight manipulation. That way, unexpected stuff should
> be allowed by default. That feels like it might be a lot safer when it
> comes to Python version changes, but I must admit, I haven't looked
> closely enough to give a definitive answer...
>

You know the difference between fiction and the reality. We have RP now
and have to deal with it within a reasonable amount of time.

Andreas
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
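The disallow-by-default filter idea raised in the quoted text, sketched as an added example; it is not RestrictedPython code and not code from anyone in this thread. It compares an allowlist of AST node types with a denylist on the same input, and the node lists and function names are assumptions chosen for illustration (Python 3.8 or later).

```python
import ast

# Constructed allowlist: plain arithmetic, comparisons and assignments only.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.BinOp, ast.UnaryOp, ast.Add, ast.Sub, ast.Mult,
    ast.Div, ast.USub, ast.Compare, ast.Lt, ast.Gt, ast.Eq, ast.IfExp,
)

# Constructed denylist, standing in for a filter that only names the
# constructs its author thought of when it was written.
DENIED_NODES = (ast.Import, ast.ImportFrom, ast.Attribute, ast.Call)


def rejected_nodes(source):
    """Names of node types in `source` that the allowlist does not cover."""
    tree = ast.parse(source, mode="exec")
    return sorted({type(node).__name__ for node in ast.walk(tree)
                   if not isinstance(node, ALLOWED_NODES)})


def allowlist_accepts(source):
    """Disallow by default: any node type not listed is refused."""
    return not rejected_nodes(source)


def denylist_accepts(source):
    """Allow by default: only explicitly listed node types are refused."""
    tree = ast.parse(source, mode="exec")
    return not any(isinstance(node, DENIED_NODES) for node in ast.walk(tree))


if __name__ == "__main__":
    # Constructed inputs. The second uses an assignment expression, a node
    # type (NamedExpr) that arrived with a later Python version.
    for src in ("x = 1 + 2", "y = (z := 5) + 1", "import os"):
        print(repr(src),
              "allowlist:", allowlist_accepts(src),
              "denylist:", denylist_accepts(src),
              "unlisted:", rejected_nodes(src))
```

The assignment expression passes the denylist because nobody listed it, while the allowlist refuses it until someone reviews the new node type and adds it.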