On Thu, Nov 13, 2003 at 07:50:38PM +0000, Carwyn Edwards wrote: > Removing the list is a perfectly valid way of addressing the situation > of having a long list :-) It is, but I was deliberately restricting my discussion to the "middle ground" where you don't remove the list. I think we understand each other now. > It's a mute point anyway given that: oh... if it were a mute point, we'd all have had a happier day. I think you mean moot :) > Basically I agree with you on almost every point :-) I'd probably move > to the dynamic loading model (it's only about 50 lines) sooner rather > than most but that's just me. The catch is that I think it means pulling > in 800 odd lines of the inspect module to do it properly (or is there > another way that means you're not exec-ing user supplied strings without > validating their targets?). My take on this is that imported plugin code must be trusted completely or not run. The one very simple exception is if you restrict things VERY SEVERELY (like limit things to a few known functions and a few known variables, at which point, you've probably lost the power of plugins). It's just way too hard to nasty-proof a powerful introspective language like python. All attempts to do so have failed (bastion, rexec). I'm not nixing plugins. I think they're great (maybe not for yum, but in general). I'm just saying that the way to validate plugins is via the human at install-time, not via the program at load-time. It may, of course, be nice to do some warning checks to prevent accidental damage, but one should not imagine that you can prevent a serious attack this way. > I didn't mean to offend, I think finding out that the answerfile based > non-interactive install option for maple9 doesn't work on linux annoyed > me a bit this morning. 's OK. I'm in the process of writing my thesis and might be a tad grumpy, myself. -Michael -- Michael Stenner Office Phone: 919-660-2513 Duke University, Dept. of Physics mstenner@xxxxxxxxxxxx Box 90305, Durham N.C. 27708-0305
