> Neither am I. I am less suspicious based on a reputation. Raymond is a > well-known, trusted senior Python developer who knows what he is doing.
I don't really know anything about him or why people respect him, so I have no reason to share your faith. > It reads fine, and the justification is perfectly valid. Well. It reads fine in a certain sense, in that I can figure out what's going on (although I have some troubles figuring out why the heck certain things are in the code). The issue is that what's going on is otherworldly: this is not a Python pattern, this is not a normal approach. To me, that means it does not read fine. The use of exec also results in (seemingly) arbitrary constraints on the input. Like, why can't "--" be a name? Because exec? Is there some other reason? I don't like the use of exec, and I don't like the justification (it seems handwavy). I pointed this out in a thread full of people saying "never EVER use exec this way", so it's obviously not just me that thinks this is awful. > You're right to be cautious of exec. You're wrong to be phobic about it. > What do you think is going to happen? I think somebody will read it and think this is a good idea. Devin On Wed, Nov 9, 2011 at 6:11 PM, Steven D'Aprano <steve+comp.lang.pyt...@pearwood.info> wrote: > On Wed, 09 Nov 2011 18:01:16 -0500, Devin Jeanpierre wrote: > >>> If it were someone other than Raymond Hettinger responsible for the use >>> of exec in namedtuple, I'd be a lot more suspicious of it. >> >> I'm not going to be less suspicious based on a name. > > Neither am I. I am less suspicious based on a reputation. Raymond is a > well-known, trusted senior Python developer who knows what he is doing. > > >> It reads like >> insanity, and the justification was terrible. > > It reads fine, and the justification is perfectly valid. > > You're right to be cautious of exec. You're wrong to be phobic about it. > What do you think is going to happen? The exec call inside namedtuple is > going to creep out of the module in the wee hours of the night, > contaminating other functions and modules while you sleep? Be serious. If > you have an actual concrete security vulnerability caused by the use of > exec inside namedtuple, or some other bug, then say so. Otherwise, your > paranoia is unjustified. > > > > -- > Steven > -- > http://mail.python.org/mailman/listinfo/python-list > -- http://mail.python.org/mailman/listinfo/python-list
