Message6964
Logged In: YES
user_id=31392
I don't think of the issue you describe as a bug in the
code. You're suggesting a new feature for pickle. As far
as I can tell, the original design requirements for pickle
did not include the ability to securely load a pickle from
an untrusted source.
It may be a legitimate feature request, but it's too late to
make it into Python 2.2. I suggest we look at the design
issues for Python 2.3 and decide if it's a feature we want
to support. I imagine a PEP may be necessary to lay out the
issues and the solution. Do you want to have a hand in that
PEP?
I still don't understand what it means that Pyro and cookie
were bit by a bug. It sounds like they were using pickle in
ways that pickle was not intended to support. A careful
analysis of how those two applications use pickle would be
helpful for generating requirements.
|
|
Date |
User |
Action |
Args |
2007-08-23 13:56:49 | admin | link | issue471893 messages |
2007-08-23 13:56:49 | admin | create | |
|