On 26.06.2021 21:32, Ethan Furman wrote:
On 6/25/21 5:20 PM, Eric V. Smith wrote:
It seems like many of the suggestions are SSLContext specific. I don't think we should be adding __slots__ or otherwise redefining the interface to that object. Isn't this a general "problem" in python...
In most cases I would agree with you, but in this case the object is security sensitive, and security should be much more rigorous in ensuring correctness.
Isn't this more an issue of API design rather than Python's flexibility when it comes to defining attributes ? IMO, a security relevant API should not use direct attribute access for adjusting important parameters. Those should always be done using functions or method calls which apply extra sanity checks and highlight issues in form of exceptions. And those are possible in Python without calling type checking, linters or other extra tools to the rescue. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Experts (#1, Jun 26 2021)
Python Projects, Coaching and Support ... https://www.egenix.com/ Python Product Development ... https://consulting.egenix.com/
::: We implement business ideas - efficiently in both time and costs ::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 https://www.egenix.com/company/contact/ https://www.malemburg.com/