[Python-Dev] Integrate BeautifulSoup into stdlib?
tseaver at palladion.com
Fri Mar 13 16:01:05 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Lie Ryan wrote:
> Tres Seaver wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Paul Moore wrote:
>>> 2009/3/13 Chris Withers <chris at simplistix.co.uk>:
>>>> If a decent package management system *was* included, this wouldn't be an
>>> Remember that a "decent package management system" needs to handle
>>> filling in all the forms and arranging approvals to get authorisation
>>> for packages when you download them.
>>> And no, I'm *not* joking. People in a locked-down corporate
>>> environment really do benefit from just having to get the OK for
>>> "Python", and then knowing that they have all they need.
>> You are plainly joking: nothing in Python should know or care about the
>> various bureaucratic insanities in some workplaces. Given the
>> *existing* stdlib and network connectivity, nothing any corporate
>> security blackshirt can do will prevent an even moderately-motivated
>> person from executing arbitrary code downloaded from elsewhere. In that
>> case, what is the point in trying to help those who impose such craziness?
> I (and most people, I presume) would not run arbitrary program
> downloaded from somewhere else on a corporate server that holds many
> important customer data even when there is no technical or even
> bureaucratic restriction, maybe I will sneak around on a workstation but
> definitely not on the server especially if I love my job and want to
> keep it (I'm a student though so that applies to me in the future).
I'm not arguing that employees should violate their employers' policies:
I'm arguing that Python itself shouldn't try to cater to such policies.
Note that I'm not talking about running code pushed on me by malware
authors, either: I'm talking about "ordinary" software development
activities like using a script from a cookbook, or using a well-tested
and supported library, rather than NIH.
Given that the out-of-the-box Python install already has facilities for
retrieving text over the net and executing that text, the notion of
"locking down" a machine to include only the bits installed in the stock
Python install is just "security theatre;" such a machine shouldn't
have Python installed at all (nor a C compiler, etc.)
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Python-Dev