[Zope3-dev] datetime module

[Guido van Rossum]

> I wonder if the pickling machinery should do something special with 
> classes that define __slots__ = [] ? This seems like a worthy 
> special-case to me.

It seems too complex to me to add an exception on top of the exception
for __slots__.  Using __slots__ = [] is a pretty severe hack; you can
then define your own pickling if you need to.

> > - date/time objects are inaccessible from untrusted code (e.g. you
> >   cannot do a somedateobject.isoformat() from a page template).  Should
> >   there be appropriate security declarations somewhere in the
> >   configure.zcml forest, or should these date/time objects be kept
> >   unwrapped like objects of Python builtin types?
> 
> In Python2.3, datetime is a builtin.

Actually, it'll be an extension module.

> In Python2.2 with Zope3, datetime is in the same place (lib/python), and 
> so is a "given".
> 
> So, I think its security declarations belong in Checker.py, along with 
> the declarations for other builtins such as dicts, tuples, lists and 
> strings.

Yes.

> A datetime is not immutable (like a string or a tuple), even though
> it is intended to be used immutably. So, it cannot be a "rock", and
> it does need security assertions.

Too bad.  They could be made purely read-only by adding __slots__, but
that would make pickling harder, so I agree that for now it needs
security assertions.

The C type in Python 2.3 will be truly immutable.

--Guido van Rossum (home page: http://www.python.org/~guido/)