Lennart Regebro wrote:
> On Thu, Jan 22, 2009 at 10:38, Chris Withers <ch...@simplistix.co.uk> wrote:
>>> Note that Jim never explained to me how he does these audits, but I gathered
>>> some methods he used in conversations. I think I did a pretty thorough job
>>> during the review.
>> Yeah, this disturbs me a lot still though :-S
> 
> I know the feeling. :) I completely trust that Stephan did a good job
> if he thinks he did, but I would be happy if we could gather a bunch
> of smart people to spread the knowledge. Maybe a security review
> sprint at PyCon, or somesuch? I'd like to hang in a corner and suck up
> the smartness. :)

The problem is that all the PyPy people smart enough to help just go 
"that's a bad idea, go away", and it seems only Jim is really confident 
enough to say how things should be with RestrictedPython in its current 
form...

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to