Message163723
| Author |
ncoghlan |
| Recipients |
Arfrever, eric.araujo, ezio.melotti, georg.brandl, hynek, jcea, larry, loewis, mrts, ncoghlan, neologix, petri.lehtinen, pitrou, python-dev, rosslagerwall, schmir, tarek, teamnoir |
| Date |
2012年06月24日.06:27:24 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1340519284.58.0.574109401336.issue4489@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
I'm in the process of updating the LBYL support to use a "rmtree.avoids_symlink_attacks" function attribute rather than the "rmtree_is_safe" module level attribute.
As I said in the hmac.secure_compare function discussion, the words "safe" and "secure" are too vague to ever make for good API design. Much better to tell people exactly what they're safe against (rmtree_is_safe -> rmtree.avoids_symlink_attacks), or designed to be appropriate for (hmac.secure_compare -> hmac.compare_digest). |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年06月24日 06:28:04 | ncoghlan | set | recipients:
+ ncoghlan, loewis, georg.brandl, jcea, pitrou, larry, schmir, tarek, ezio.melotti, eric.araujo, Arfrever, mrts, neologix, teamnoir, rosslagerwall, python-dev, petri.lehtinen, hynek |
| 2012年06月24日 06:28:04 | ncoghlan | set | messageid: <1340519284.58.0.574109401336.issue4489@psf.upfronthosting.co.za> |
| 2012年06月24日 06:27:24 | ncoghlan | link | issue4489 messages |
| 2012年06月24日 06:27:24 | ncoghlan | create |
|