Paul Rubin wrote: > The Cookie issue is discussed some in that bug thread. But more > relevant is bug 471893. Sorry.
Thanks. There's an interesting comment in that thread: A.M. Kuchling (akuchling) wrote: > Date: 2003-02-06 09:29 > > The Cookie classes that use pickle have DeprecationWarnings in > 2.3, and should disappear in 2.4. Its a real pity that nobody seems to have remembered to actually remove them. >> I think its a bit borderline whether this really was a security bug in >> Python rather than just a problem with the way some people used Python. > > If using a module the way it's documented results in a security hole, > that's definitely a security bug. > > If using the module in an obvious and natural way that looks correct > results in a security hole, I'd say it's at least an issue needing > attention, even if some sufficiently hairsplitting reading of the > documentation says that usage is incorrect. Principle of least > astonishment. Agreed. Principle of least astonishment is definitely good. -- http://mail.python.org/mailman/listinfo/python-list
