[Python-Dev] Re: Capabilities (we already got one)

Ka-Ping Yee ping@zesty.ca
Fri, 4 Apr 2003 06:28:18 -0600 (CST)

Michael Chermside wrote:
> It seems to me that the need for security (via capabilities or any other
> mechanism) is an UNUSUAL need. Most programs don't need it at all,
> others need it in only a few places.

I think you are missing the point somewhat.  Security is about making
sure your program will do what you expect.  So it is just as much about
avoiding bugs as about thwarting malicious agents.  Programming in a
capability style makes programs more reliable and bugs less damaging.

Colleagues of mine have established the habit of programming in a
capability style in Java -- not because Java supports capabilities,
and not because they need security at all, but just because programming
*as if* the language had capabilities leads to a better modular design.

On Fri, 4 Apr 2003, Ben Laurie wrote:
> I'm not sure I agree that the need for security is particularly unusual
> but I don't think its worth having a big argument about. I certainly do
> agree that crippling Python in order to get capabilities is not a
> desirable outcome. Not that I have that option anyway :-)

I also prefer to avoid loaded language.  No one is talking about
"crippling" anything.  The essence of a capability model is simply
to be explicit when authority is transferred.  Explicit is better
than implicit.

-- ?!ng