On Sun, Nov 10, 2013 at 2:32 AM, Antoon Pardon <antoon.par...@rece.vub.ac.be> wrote: >> And i had until i made some new changes last night, which i think i have >> corrected now as we speak. > > Continuing the arrogance.
Just to put that in perspective, by the way: *EVERYONE* writes vulnerable code. Even Python itself has been found to have had significant exploits (hash randomization had to get backported a long way). There's nothing wrong with fixing security bugs; there's not even a lot wrong with the iterative process of "find bug, fix bug, find another bug, fix another bug". There are two major problems with what you did here, Nikos, and they are: 1) Starting with a hopelessly insecure system and then trying to band-aid patch it one vulnerability at a time, which is folly; and 2) Boasting that your system was now secure. The main issue is the boasting, which is utterly unwarranted arrogance. All you have to do is look at how, after boasting previously, you were provably vulnerable - which means that you clearly still had problems while you were boasting. A more humble attitude of "Oops, well, that's fixed now" without saying "Ha ha, now try to break THAT, I'm oh so perfect now" would suit you far better, based on your history. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
