Ka-Ping Yee wrote:
Off the top of my head, i only see two things that would have to be fixed to turn Python into a capability-secure system:
Access to each object is limited to its declared exposed interface; no introspection allowed.
No global namespace of modules (sys.modules etc.).
If there is willingness to consider a "secure mode" for Python in which these two things are enforced, i would be interested in making it happen.
FWIW, I think that would be a useful model.