[Python-Dev] Re: Capabilities - published interfaces

Ka-Ping Yee python-dev at zesty.ca
Mon Dec 29 04:43:16 EST 2003

I've been distracted by holiday events, but this requires a reply.

On Sat, 20 Dec 2003, Aahz wrote:
> Exactly.  From my observations of these discussions, there are
> essentially only two reasons for restricted execution:
> * To simplify things by reducing the potential solution space
> * To protect a system against a hostile attacker

There is a huge blind spot in your claim.  You forgot:

  * To limit the damage caused by a bug in your program

  * To make your programs have more predictable behaviour

Capabilities are about making clear what parts of your program
can and can't do.

> Supposedly there's a middle ground of untrusted but non-hostile code,
> but what's the point of providing support for that?

Have you ever used a library written by someone else?  Have you ever
found a bug in something you wrote yourself?

"Untrusted but non-hostile code" is what all of us write every day.

-- ?!ng
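The point about capabilities limiting the damage a bug can do is easier to see in code. The following is an added example, not code from the thread or from any Python restricted-execution proposal: a component is handed a `DirWriter` object (a hypothetical name) that can only create files under one directory, instead of the ambient `open` builtin, and a read-only `DirReader` (also hypothetical) is derived from it by attenuation. A constructed bug in the caller (a stray `..` in a file name) is then refused by the capability rather than escaping the directory.

```python
"""Capability-style attenuation: components receive only the authority they need.

Added illustration; DirWriter/DirReader are hypothetical names, not a
published Python API.
"""
import tempfile
from pathlib import Path


def _inside(root: Path, name: str) -> Path:
    """Resolve `name` under `root`, refusing anything that escapes it."""
    target = (root / name).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"{name!r} escapes {root}")
    return target


class DirReader:
    """Capability to read files under one directory; cannot write."""

    def __init__(self, root: Path):
        self._root = root.resolve()

    def read_text(self, name: str) -> str:
        return _inside(self._root, name).read_text()


class DirWriter(DirReader):
    """Capability to read and write files under one directory."""

    def write_text(self, name: str, text: str) -> Path:
        path = _inside(self._root, name)
        path.write_text(text)
        return path

    def read_only(self) -> DirReader:
        """Attenuate: hand out a reader that carries no write authority."""
        return DirReader(self._root)


def rotate_logs(writer: DirWriter, entries: dict) -> dict:
    """Caller code that only ever sees the capability, never `open`.

    The `entries` mapping is constructed by the caller; a bad key such as
    "../escape.log" models a path-handling bug in this component.
    """
    outcome = {}
    for name, text in entries.items():
        try:
            writer.write_text(name, text)
            outcome[name] = "written"
        except PermissionError:
            outcome[name] = "blocked"  # damage contained by the capability
    return outcome


def demo() -> dict:
    """Run the scenario in a scratch directory and report what happened."""
    root = Path(tempfile.mkdtemp())
    writer = DirWriter(root)
    reader = writer.read_only()

    # Constructed input: one good entry and one buggy path.
    outcome = rotate_logs(writer, {"app.log": "hello", "../escape.log": "oops"})

    return {
        "outcome": outcome,
        "written": reader.read_text("app.log"),
        "escape_exists": (root.parent / "escape.log").exists(),
        "reader_can_write": hasattr(reader, "write_text"),
    }


if __name__ == "__main__":
    print(demo())
```

The consumer never imports `os` or calls `open`; everything it can do is visible from the parameters it receives, which is the predictability the post is arguing for. Attenuation (`read_only`) shows the same idea one level down: a component that only needs to read is given an object that cannot write, so a bug there cannot corrupt the files either.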

