[Python-3000] Support for PEP 3131
Guido van Rossum
guido at python.org
Fri May 25 05:09:33 CEST 2007
On 5/24/07, Ka-Ping Yee <python at zesty.ca> wrote:
> To pit this as "ascii lovers vs. non-ascii lovers" is a pretty large
> oversimplification. You could name them "people who want to be able
> to know what the code says" and "people who don't mind not being able
> to know what the code says". Or you could name them "people who want
> Python's lexical syntax to be something they fully understand" and
> "people who don't mind the extra complexity". Or "people who don't
> want Python's lexical syntax to be tied to a changing external
> standard" and "people who don't mind the extra variability."
> However you characterize them, keep in mind that those in the former
> group are asking for default behaviour that 100% of Python users
> already use and understand. There's no cost to keeping identifiers
> ASCII-only because that's what Python already does.
> I think that's a pretty strong reason for making the new, more complex
> behaviour optional.
If there's a security argument to be made for restricting the alphabet
used by code contributions (even by co-workers at the same company), I
don't see why ASCII-only projects should have it easier than projects
in other cultures.
It doesn't look like any kind of global flag passed to the interpreter
would scale -- once I am using a known trusted contribution that uses
a different character set than mine, I would have to change the global
setting to be more lenient, and the leniency would affect all code I'm
A more useful approach would seem to be a set of auditing tools that
can be applied routinely to all new contributions (e.g. as a
pre-commit hook when using a source control system), or to all code in
a given directory, download, etc. I don't see this as all that
different from using e.g. PyChecker of PyLint.
While I routinely perform visual code inspections (code review is the
law at Google, and I wrote the tool used internally to do these), I
certainly don't see this as a security audit -- I use it as a
mentoring activity and to reach agreement over issues as diverse as
coding style, architecture and implementation techniques between
trusting colleagues. Scanning for stray non-ASCII characters is best
left to automated tools.
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-3000