[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
Stefan Behnel
stefan_ml at behnel.de
Sun May 11 01:15:31 CEST 2014
Nick Coghlan, 11.05.2014 01:01:
> As you point out, most language development teams do very little to try to
> educate their users about security issues. The consequences of that are
> clearly visible in the world around us: when security is treated as an
> optional afterthought, you get widespread deployment of insecure software.
>
> At this point, we have two options:
>
> * continue with the same model as everyone else, and treat security as an
> optional extra users should feel free to ignore (or treat as an advanced
> topic only specialists need to worry about)
>
> * change our documentation practices to try to encourage the growth of a
> security aware development community around Python, trusting that our users
> will recognise that the security issues we're discussing are inherent in
> the way computers work, rather than being specific to Python.
>
> I'm obviously a strong advocate for the second path. Users aren't stupid,
> they'll figure out that almost all the security concerns we're warning
> about are inherent in the problem being solved, rather than being a
> Python-specific issue.
Even if I know the problematic parts of a certain corner of software
development or just of a specific tool, I prefer reading in the
documentation that the authors of that tool are also aware of the
(potential) problems. Makes me feel more comfortable with trusting the
software.

Total +1 on keeping these little bits around.

Stefan