Movatterモバイル変換

[Python-Dev] Python possible vulnerabilities in concurrency

• Previous message (by thread):[Python-Dev] Python possible vulnerabilities in concurrency
• Next message (by thread):[Python-Dev] Python possible vulnerabilities in concurrency
• Messages sorted by:[ date ][ thread ][ subject ][ author ]

On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum <guido at python.org> wrote:> On Wed, Nov 15, 2017 at 6:37 PM, Armin Rigo <armin.rigo at gmail.com> wrote:>>> Hi,>>>> On 14 November 2017 at 14:55, Jan Claeys <lists at janc.be> wrote:>> > Sounds likehttps://www.iso.org/standard/71094.html>> > which is updatinghttps://www.iso.org/standard/61457.html>> > (which you can download from there if you search a bit; clearly either>> > ISO doesn't have a UI/UX "standard" or they aren't following it...)>>>> Just for completeness, I think that what you can download for free>> from that second page only contains the first few sections ("Terms and>> definitions").  It doesn't even go to "Purpose of this technical>> report"---we need to pay $200 just to learn what the purpose is...>>>> *Shrug*>>>> Actually it linked tohttp://standards.iso.org/ittf/> PubliclyAvailableStandards/index.html from which I managed to download> what looks like the complete c061457_ISO_IEC_TR_24772_2013.pdf (336> pages) after clicking on an "I accept" button (I didn't read what I> accepted :-). The $200 is for the printed copy I presume.>So far I learned one thing from the report. They use the term"vulnerabilities" liberally, defining it essentially as "bug":All programming languages contain constructs that are incompletely> specified, exhibit undefined behaviour, are implementation-dependent, or> are difficult to use correctly. The use of those constructs may therefore> give rise to *vulnerabilities*, as a result of which, software programs> can execute differently than intended by the writer.>They then go on to explain that sometimes vulnerabilities can be exploited,but I object to calling all bugs vulnerabilities -- that's just using ascary word to get attention for a sleep-inducing document containing suchgems as "Use floating-point arithmetic only when absolutely needed" (page230).-- --Guido van Rossum (python.org/~guido)-------------- next part --------------An HTML attachment was scrubbed...URL: <http://mail.python.org/pipermail/python-dev/attachments/20171115/ef5af228/attachment.html>

• Previous message (by thread):[Python-Dev] Python possible vulnerabilities in concurrency
• Next message (by thread):[Python-Dev] Python possible vulnerabilities in concurrency
• Messages sorted by:[ date ][ thread ][ subject ][ author ]