On Mon, Jul 26, 2010 at 7:36 AM, Stefan Behnel <stefan_ml@behnel.de> wrote:
> geremy condra, 26.07.2010 16:29:
>> I've noticed that I don't have a lot of success in shifting this kind of debate, so I'm not sure it's a good idea to publicly discuss vulnerabilities in something that may wind up being implemented as-is, but it's up to you guys.
>
> Hmm, security by obscurity? That's a good idea. Let's do that more often.

FWIW, security by obscurity has a bad rep in some circles, but it is an essential component of any serious security policy. It just should never be the *only* component. (In fact, any serious security policy should have multiple disparate components.) In this case, it looks like (a) the cat is already out of the bag, and (b) it's easy to figure out from the PEPs where the vulnerabilities lie, so I don't think we'll gain much by shushing it up.

--
--Guido van Rossum (python.org/~guido)