Lennart Regebro wrote:
On Thu, Jan 22, 2009 at 10:38, Chris Withers <chris@simplistix.co.uk> wrote:
Note that Jim never explained to me how he does these audits, but I gathered some methods he used in conversations. I think I did a pretty thorough job during the review.
Yeah, this disturbs me a lot still though :-S
I know the feeling. :) I completely trust that Stephan did a good job if he thinks he did, but I would be happy if we could gather a bunch of smart people to spread the knowledge. Maybe a security review sprint at PyCon, or somesuch? I'd like to hang in a corner and suck up the smartness. :)
The problem is that all the PyPy people smart enough to help just go "that's a bad idea, go away", and it seems only Jim is really confident enough to say how things should be with RestrictedPython in its current form...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk