[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

Jacob Kaplan-Moss jacob at jacobian.org
Tue Mar 12 19:52:25 CET 2013


On Tue, Mar 12, 2013 at 12:54 PM, PJ Eby <pje at telecommunity.com> wrote:
> This is a rationale for secure defaults for various options, like the
> ones I outlined in the portions of my post that you *didn't* quote.
>
> It's not a rationale for removing the options themselves.

Exactly; thanks for saying this better than I did.

As we've seen from the recent Rails security vulnerabilities, secure
has to be the default. Users having to explicitly choose the "secure"
option is an anti-pattern, with teeth.

As long as the default, out-of-the-box behavior is secure, it's fine;
users who want to run their tools with the "--hack-me-if-you-can" flag
will find a way to do so. This isn't about taking away people's
options, but about putting secure-by-default tools into the hands
of people who need them the most.

Jacob

