[Chicago] Python 3.5 in Ubuntu???
eviljoel
eviljoel at linux.com
Fri Jan 29 00:39:50 EST 2016
Hey All,
> But honestly I think security takes work and a lot of time to get
> right, and it may be better to use tools that have been tested rather
> than rewrite things from scratch.
This statement could be interpreted as "If you use a secure framework,
you don't have to worry about security when you write code." This, of
course, is not true. Every programmer _should_ know how to write secure
code. If you are relying on frameworks to do your security for you, then
you are probably writing vulnerable code.
I'm always surprised when I meet a programmer who has been writing web
applications for years and still does not know what SQL injection and
cross-site scripting attacks are. If you are not familiar with these
terms, you should probably look them up now. You'll probably immediately
realize how many insecure applications you've written over the years.
To be fair, Tanya might have just been trying to steer people towards
using only established frameworks. Generally I agree with this practice,
if it fits your problem.
Laters,
eviljoel
On 01/25/2016 05:41 AM, Tanya Schlusser wrote:
>
> So a lot of words I guess to say where are
> the standards and security committees for Ubuntu and Python and how
> would a
> civic hacking organization interact with them?
>
>
>
> There's a recent Talk Python To Me Podcast featuring Justin Seitz, the
> author of Gray Hat Python and Black Hat Python:
> https://talkpython.fm/episodes/show/37/python-cybersecurity-and-penetration-testing
>
> Also, the Ubuntu site's main security page:
> https://help.ubuntu.com/community/Security
>
> But honestly I think security takes work and a lot of time to get right,
> and it may be better to use tools that have been tested rather than
> rewrite things from scratch. Web2Py actually follows the recommendations
> of the Open Web Application Security Project
> (https://www.owasp.org/index.php/Main_Page). Here's their blurb on
> security that summarizes the OWASP recommendations:
> http://www.web2py.com/book/default/chapter/01#Security
>
--
Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
A2BE 2D12 24D1 67CA 8830 DDE7 DFB3 676B 196D 6430