
Re: Thoughts fresh after EuroPython

From:  Guido van Rossum <guido-AT-python.org>
To:  Stefan Behnel <stefan_ml-AT-behnel.de>
Subject:  Re: Thoughts fresh after EuroPython
Date:  Mon, 26 Jul 2010 07:55:58 -0700
Message-ID:  <AANLkTimKX_ZnX+Za79L0n2dtSpMHG8c6gnpkaCMhNekz@mail.gmail.com>
Cc:  python-dev-AT-python.org

On Mon, Jul 26, 2010 at 7:36 AM, Stefan Behnel <stefan_ml@behnel.de> wrote:
> geremy condra, 26.07.2010 16:29:
>>
>> I've noticed that I don't have a lot of success in shifting this kind
>> of debate, so I'm not sure it's a good idea to publicly discuss
>> vulnerabilities in something that may wind up being implemented as-is,
>> but it's up to you guys.
>
> Hmm, security by obscurity? That's a good idea. Let's do that more often.

FWIW, security by obscurity has a bad rep in some circles, but it is
an essential component of any serious security policy. It just should
never be the *only* component. (In fact, any serious security policy
should have multiple disparate components.)

In this case, it looks like (a) the cat is already out of the bag, and
(b) it's easy to figure out from the PEPs where the vulnerabilities
lie, so I don't think we'll gain much by shushing it up.

-- 
--Guido van Rossum (python.org/~guido)





Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds