On 22.01.2009 at 10:38, Chris Withers wrote:
> Stephan Richter wrote:
>> On Wednesday 21 January 2009, Andreas Jung wrote:
>>> - RestrictedPython security audit: such an audit has been made
>>> by Stefan and Sidnei. I am not qualified to speak about the
>>> correctness of the audit. I assume they know what they were
>>> doing. Unless there are objections, one might consider this issue as
>>> resolved - if not, please speak up.
>> Note that Jim never explained to me how he does these audits, but I
>> gathered some methods he used in conversations. I think I did a pretty
>> thorough job during the review.
> Yeah, this disturbs me a lot still though :-S
> It's a shame Jim has so little time to spend on this...
Take your hat and collect some money for hiring Jim :-)
> It's also a shame that no one seems to be able to get any sense out of
> the PyPy guys in this area...
> One thing that myself and Shane talked briefly about on this list was
> re-implementing the AST manipulation as disallow-by-default filter
> rather than a straight manipulation. That way, unexpected stuff should
> be allowed by default. That feels like it might be a lot safer when it
> comes to python version changes, but I must admit, I haven't looked
> closely enough to give a definitive answer...
You know the difference between fiction and reality. We have RP
now and have to deal with it within a reasonable amount of time.
org:ZOPYX Ltd. & Co. KG
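
The disallow-by-default AST filter raised in the quoted reply above, as an added example (not part of the original thread and not RestrictedPython's code): every node type must be on an explicit allow-list, so syntax introduced by a newer Python version is rejected until someone reviews it. `ALLOWED_NODES`, `DisallowedSyntax`, `check_source` and `is_allowed` are hypothetical names, and the allow-list is an assumed minimal policy for a small expression language.

```python
import ast

# Assumed allow-list (illustrative policy): simple assignments and expressions only.
ALLOWED_NODES = frozenset({
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.BinOp, ast.UnaryOp, ast.Add, ast.Sub, ast.Mult,
    ast.Div, ast.USub, ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.Gt,
    ast.BoolOp, ast.And, ast.Or, ast.IfExp, ast.List, ast.Tuple,
})


class DisallowedSyntax(Exception):
    """Raised when the source contains something not explicitly allowed."""


def check_source(source):
    """Parse source and reject any AST node whose type is not on the allow-list.

    Returns the parsed tree when every node passes.
    """
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if type(node) not in ALLOWED_NODES:
            # Unknown node types (including ones added by future Python
            # versions) land here without any code change.
            raise DisallowedSyntax(
                "%s at line %s" % (type(node).__name__, getattr(node, "lineno", "?"))
            )
        # Assumed extra policy: names starting with an underscore are refused,
        # because a node-type check alone says nothing about which names are used.
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise DisallowedSyntax("name %r at line %d" % (node.id, node.lineno))
    return tree


def is_allowed(source):
    """Return True only if the source parses and passes the allow-list."""
    try:
        check_source(source)
        return True
    except (DisallowedSyntax, SyntaxError):
        return False
```
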
Zope-Dev maillist - Zope-Dev@zope.org