[Patches] [Patch #101055] Cookie.py
Tim Peters
tim_one@email.msn.com
Sat, 19 Aug 2000 13:23:22 -0400
Please don't discuss patches on the patches list <wink -- I know how silly
that sounds!>. From http://python.sourceforge.net/sf-faq.html:
Discussion of major patches is carried out on the Python-Dev
mailing list. For simple patches, the SourceForge comment
mechanism should be sufficient. [xxx an email gateway would
be great, ditto Ping's Roundup]
Not all developers read patches-list, discussions *always* end up getting
x-posted to Python-Dev too, and then some do and some don't, and then it's
impossible to follow the discussion. So Guido asked that we stop using the
patches-list for discussion, and that's where the rule above came from.
Thanks.
> -----Original Message-----
> From: patches-admin@python.org [mailto:patches-admin@python.org]On
> Behalf Of Moshe Zadka
> Sent: Saturday, August 19, 2000 5:39 AM
> To: Fred L. Drake, Jr.
> Cc: noreply@sourceforge.net; akuchlin@mems-exchange.org;
> patches@python.org
> Subject: Re: [Patches] [Patch #101055] Cookie.py
>
>
> On Fri, 18 Aug 2000, Fred L. Drake, Jr. wrote:
>
> > That would have no effect on any of the Python tagging. It's
> > probably worthwhile making sure there are no tags in the ,v file, but
> > that can be done after it gets dropped in place.
> > Now, Greg Stein will tell us that dropping this into place is the
> > wrong thing to do. What it *will* screw up is people asking for the
> > state of Python at a specific date before the file was actually added;
> > they'll get this file even for when it wasn't in the Python CVS tree.
> > I can live with that, but we should make a policy decision for the
> > Python tree regarding this sort of thing.
>
> Do we really need the ',v' version? It's not like we'll revert to
> any previous version. And by the way, there are a couple of things
> we should consider changing before slating this up for an official
> release:
>
> 1) Change __repr__ --> __str__, and give an honest __repr__
> 2) Deprecate SmartCookie and SerilizedCookie: those two are real security
> holes, and I'm worried it might give Python an undeserved unsecure
> reputation. Or, maybe, add a mandatory password and only accept md5
> signed versions.
>
> We *can* break backwards compatability now, because Cookie was not an
> official part of Python, and we *should* break it now, because that's
> the last chance we'll have.
>
> --
> Moshe Zadka <moshez@math.huji.ac.il>
> There is no IGLU cabal.
> http://advogato.org/person/moshez
>
>
> _______________________________________________
> Patches mailing list
> Patches@python.org
> http://www.python.org/mailman/listinfo/patches