Message 163723 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ncoghlan
Recipients	Arfrever, eric.araujo, ezio.melotti, georg.brandl, hynek, jcea, larry, loewis, mrts, ncoghlan, neologix, petri.lehtinen, pitrou, python-dev, rosslagerwall, schmir, tarek, teamnoir
Date	2012-06-24.06:27:24
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1340519284.58.0.574109401336.issue4489@psf.upfronthosting.co.za>
In-reply-to

Content
I'm in the process of updating the LBYL support to use a "rmtree.avoids_symlink_attacks" function attribute rather than the "rmtree_is_safe" module level attribute. As I said in the hmac.secure_compare function discussion, the words "safe" and "secure" are too vague to ever make for good API design. Much better to tell people exactly what they're safe against (rmtree_is_safe -> rmtree.avoids_symlink_attacks), or designed to be appropriate for (hmac.secure_compare -> hmac.compare_digest).

I'm in the process of updating the LBYL support to use a "rmtree.avoids_symlink_attacks" function attribute rather than the "rmtree_is_safe" module level attribute.

As I said in the hmac.secure_compare function discussion, the words "safe" and "secure" are too vague to ever make for good API design. Much better to tell people exactly what they're safe against (rmtree_is_safe -> rmtree.avoids_symlink_attacks), or designed to be appropriate for (hmac.secure_compare -> hmac.compare_digest).

History
Date	User	Action	Args
2012-06-24 06:28:04	ncoghlan	set	recipients: + ncoghlan, loewis, georg.brandl, jcea, pitrou, larry, schmir, tarek, ezio.melotti, eric.araujo, Arfrever, mrts, neologix, teamnoir, rosslagerwall, python-dev, petri.lehtinen, hynek
2012-06-24 06:28:04	ncoghlan	set	messageid: <1340519284.58.0.574109401336.issue4489@psf.upfronthosting.co.za>
2012-06-24 06:27:24	ncoghlan	link	issue4489 messages
2012-06-24 06:27:24	ncoghlan	create