Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Armin Rigo
Hi Brett,

On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> I also plan to rewrite the import machinery in pure Python.

http://codespeak.net/svn/pypy/dist/pypy/module/__builtin__/importing.py


See you soon,

Armin
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


Re: [Python-Dev] Document performance requirements?

2006-07-22 Thread Martin v. Löwis
Jason Orendorff wrote:
> On 7/21/06, Nick Coghlan <[EMAIL PROTECTED]> wrote:
>> However, I'm also struggling to think of a case other than list vs deque where
>> the choice of a builtin or standard library data structure would be dictated
>> by big-O() concerns.
> 
> OK, but that doesn't mean the information is unimportant.  +1 on
> making this something of a priority.  People looking for this info
> should find it in the obvious place.  Some are unobvious. (How fast is
> dict.__eq__ on average? Worst case?)

Contributions are welcome.

Regards,
Martin


Re: [Python-Dev] Community buildbots -- reprise

2006-07-22 Thread Martin v. Löwis
Grig Gheorghiu wrote:
> Please let me know if you're interested.

As I said earlier: If you need some kind of post-commit
trigger on the python repository to trigger a build, just
let me know. We currently use a more-or-less plain
svn_buildbot.py to trigger our own builds.

Regards,
Martin


Re: [Python-Dev] Document performance requirements?

2006-07-22 Thread Armin Rigo
Hi,

On Sat, Jul 22, 2006 at 12:33:45PM +1000, Nick Coghlan wrote:
> Agreed, but there's more to doing that than just writing down the O() implied 
> by the current CPython implementation - it's up to Guido to decide which of 
> the constraints are part of the language definition, and which are 
> implementation accidents

I think that O-wise the current CPython situation should be documented
as a "minimal requirement" for implementations of the language, with
just one exception: the well-documented "don't rely on this" hack in 2.4
to make repeated 'str += str' amortized linear, for which the 2.3
quadratic behavior is considered compliant enough.

I suppose that allowing implementations to provide better algorithmic
complexities than required is fine, although I can think of some
problems with that (e.g. nice and efficient user code that would perform
horribly badly on CPython).


Armin


Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Armin Rigo
Re-hi,

On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log.

I'm not sure I understand what you propose to fix holes like
constructors and __subclasses__: it seems that you want to remove them
altogether (and e.g. make factory functions instead).  That would
completely break all programs, right?  I mean, there is no way such
changes would go into mainstream CPython.  Or do you propose to maintain
a CPython branch manually for the foreseeable future?  (From experience
this is a bad idea...)


See you soon,

Armin


Re: [Python-Dev] Community buildbots -- reprise

2006-07-22 Thread Grig Gheorghiu
On 7/22/06, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> Grig Gheorghiu wrote:
> > Please let me know if you're interested.
>
> As I said earlier: If you need some kind of post-commit
> trigger on the python repository to trigger a build, just
> let me know. We currently use a more-or-less plain
> svn_buildbot.py to trigger our own builds.

Wouldn't that put too much of a burden on the python core build system? It would have to be aware of all the buildslaves running specific projects.

I was thinking about having a dedicated buildmaster machine, such as the one Neal says he already has, and configure that machine to coordinate a small army of buildslaves which will be contributed for people interested in this effort.

Grig


Re: [Python-Dev] Community buildbots -- reprise

2006-07-22 Thread Martin v. Löwis
Grig Gheorghiu wrote:
> As I said earlier: If you need some kind of post-commit
> trigger on the python repository to trigger a build, just
> let me know. We currently use a more-or-less plain
> svn_buildbot.py to trigger our own builds.
> 
> Wouldn't that put too much of a burden on the python core build system?
> It would have to be aware of all the buildslaves running specific projects.

If there is a single "community buildbot", then no. In any case, it's
primarily administrative overhead, not so much cycles. python.org does
so many things simultaneously, making it trigger an additional build
remotely doesn't hurt.

> I was thinking about having a dedicated buildmaster machine, such as the
> one Neal says he already has, and configure that machine to coordinate a
> small army of buildslaves which will be contributed for people
> interested in this effort.

Right. You still need to find out when to rebuild, and getting triggers
from the source repositories is likely the easiest solution.

Regards,
Martin


Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Brett Cannon
On 7/22/06, Armin Rigo <[EMAIL PROTECTED]> wrote:
> Re-hi,
>
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> > http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log.
>
> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead).  That would
> completely break all programs, right?

Not altogether, just constructors on select types who are considered dangerous from a security standpoint.  The breakage won't be horrible, but it will be there for advanced Python code.

I will try to make the wording more clear when I get back to work on Tuesday.

> I mean, there is no way such
> changes would go into mainstream CPython.

If this has to wait until Py3k then so be it.

> Or do you propose to maintain
> a CPython branch manually for the foreseeable future?  (From experience
> this is a bad idea...)

Yeah, not my idea of fun either, but since this is a long term project, I will at least need to for the foreseeable future.

-Brett


Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Brett Cannon
On 7/22/06, Armin Rigo <[EMAIL PROTECTED]> wrote:
> Hi Brett,
>
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> > I also plan to rewrite the import machinery in pure Python.
>
> http://codespeak.net/svn/pypy/dist/pypy/module/__builtin__/importing.py

Thanks for the link, Armin.  Since you guys don't have the import restrictions the CPython version would have and just have different coding needs for RPython obviously I can't just do a blind copy.  But I will definitely take a look as I develop.  Maybe you guys can even help to lower the duplication if it makes sense for you.

BTW, do you guys happen to have extra tests from import?

-Brett


Re: [Python-Dev] Community buildbots -- reprise

2006-07-22 Thread Grig Gheorghiu
On 7/22/06, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> Grig Gheorghiu wrote:
> > As I said earlier: If you need some kind of post-commit
> > trigger on the python repository to trigger a build, just
> > let me know. We currently use a more-or-less plain
> > svn_buildbot.py to trigger our own builds.
> >
> > Wouldn't that put too much of a burden on the python core build system?
> > It would have to be aware of all the buildslaves running specific projects.
>
> If there is a single "community buildbot", then no. In any case, it's
> primarily administrative overhead, not so much cycles. python.org does
> so many things simultaneously, making it trigger an additional build
> remotely doesn't hurt.
>
> > I was thinking about having a dedicated buildmaster machine, such as the
> > one Neal says he already has, and configure that machine to coordinate a
> > small army of buildslaves which will be contributed for people
> > interested in this effort.
>
> Right. You still need to find out when to rebuild, and getting triggers
> from the source repositories is likely the easiest solution.

I see. I guess I was thinking about building periodically (every X hours or at time Y) as opposed to getting svn triggers on each check-in. But if, as you're saying, the overhead on python.org is not too great, we can do what you suggested.

Grig

--
http://agiletesting.blogspot.com


Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Greg Ewing
Armin Rigo wrote:

> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead).  That would
> completely break all programs, right?  I mean, there is no way such
> changes would go into mainstream CPython.

How much code is actually out there that uses __subclasses__?
It seems like a fairly esoteric corner of the language to me.

In any case, I think this approach should certainly be tried,
and if it works out, considered for Py3k.

--
Greg


Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread David Hopwood
Armin Rigo wrote:
> Re-hi,
> 
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> 
>>http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log.
> 
> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead).  That would
> completely break all programs, right?  I mean, there is no way such
> changes would go into mainstream CPython.

If I understand correctly, the proposal is that any incompatible changes
to the language would apply only in "sandboxed" interpreters. So there is
no reason why support for these couldn't go into the main branch.

Of course we want to minimize the changes that will need to be made to
programs and libraries to make them work in a sandboxed interpreter, but
not at the expense of security. Some incompatible changes will be necessary.

-- 
David Hopwood <[EMAIL PROTECTED]>




Re: [Python-Dev] new security doc using object-capabilities

2006-07-22 Thread Armin Rigo
Hi Brett,

On Sat, Jul 22, 2006 at 10:33:19AM -0700, Brett Cannon wrote:
> Thanks for the link, Armin.  Since you guys don't have the import
> restrictions the CPython version would have and just have different coding
> needs for RPython obviously I can't just do a blind copy.  But I will
> definitely take a look as I develop.  Maybe you guys can even help to lower
> the duplication if it makes sense for you.

Yes, it should be possible to abstract the common logic in some way,
using some kind of interface for all OS inspection and 'sys.modules'
manipulations.

> BTW, do you guys happen to have extra tests from import?

Yes, there is
http://codespeak.net/svn/pypy/dist/pypy/module/__builtin__/test/test_import.py

which will also need a bit of rewriting, but that should be
straightforward.


See you soon,

Armin