[Python-Dev] Impact of Namedtuple on startup time

Nathaniel Smith njs at pobox.com
Mon Jul 17 22:25:27 EDT 2017


On Jul 17, 2017 5:28 PM, "Steven D'Aprano" <steve at pearwood.info> wrote:

On Mon, Jul 17, 2017 at 09:31:20PM +0000, Brett Cannon wrote:

> As for removing exec() as a goal, I'll back up Christian's point and the
> one Steve made at the language summit that removing the use of exec() from
> the critical path in Python is a laudable goal from a security
perspective.

I'm sorry, I don't understand this point. What do you mean by "critical
path"?

Is the intention to remove exec from builtins? From the entire language?
If not, how does its use in namedtuple introduce a security problem?


I think the intention is to allow users with a certain kind of security
requirement to opt in to a restricted version of the language that doesn't
support exec. This is difficult if the stdlib is calling exec all over the
place. But nobody is suggesting to change the language in regular usage,
just provide another option.

-n
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170717/e5d2cdec/attachment.html>


More information about the Python-Dev mailing list