[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.
Stephen J. Turnbull
stephen at xemacs.org
Sun May 11 15:34:20 CEST 2014

Nick Coghlan writes:
> As you point out, most language development teams do very little to
> try to educate their users about security issues.

That's partly because it isn't going to be terribly effective.
Security is a difficult subject, not one that's going to be usefully
treated in a couple of lines here, a couple more there. And it is
generally an application issue, not one that is specific to individual
features.

If we're serious about this, I suggest following the RFC pattern:
*every* module's documentation should have a "Security Considerations"
section. Probably the content will be basically the same as the
existing warning boxes, but with a consistent approach throughout the
docs it could convey the importance of always thinking about security.

> The consequences of that are clearly visible in the world around
> us: when security is treated as an optional afterthought,

But (FWIW) that's what warning boxes look like to me. An
afterthought. Not a systematic attempt to encourage security by
teaching about secure programming. By your own words, we are nowhere
close to a world where "a word, to the wise, is sufficient."