And Qt. On Mon, Oct 17, 2016 at 8:35 PM, Nathan Woodrow <[email protected]> wrote:
> Yes I have read it, however we don't run on PyPy, we use CPython. > > On Mon, Oct 17, 2016 at 8:06 PM, <[email protected]> wrote: > >> >> >> Inviato da iPhone >> >> Il giorno 17 ott 2016, alle ore 11:19, Nathan Woodrow < >> [email protected]> ha scritto: >> >> For context from here: https://lwn.net/Articles/574215/ >> >> "I now agree that putting a sandbox in CPython is the wrong design. >> There are too many ways to escape the untrusted namespace using the various >> introspection features of the Python language. To guarantee the [safety] of >> a security product, the code should be [carefully] audited and the code to >> review must be as small as possible. Using pysandbox, the "code" is the >> whole Python core which is a really huge code base. For example, the Python >> and Objects directories of Python 3.4 contain more than 126,000 lines of C >> code. >> >> The security of pysandbox is the security of its weakest part. A single >> bug is enough to escape the whole sandbox." >> >> >> Correct. In fact I am talking about this other: >> >> pypy.org and its sandboxing, that is: >> http://doc.pypy.org/en/latest/sandbox.html?highlight=Sandboxing >> >> that reports the interesting issues you can have with other solutions, as >> CPython, for example. >> Do you have read it ? If not, good reading :) >> >> >> >> >> On Mon, Oct 17, 2016 at 7:17 PM, Nathan Woodrow <[email protected]> >> wrote: >> >>> Honestly, this is getting tiresome. >>> >>> If you don't like the approval processes that we have in place currently >>> you can create a new plugin repo, it's just an XML file exposed via >>> webserver, there are docs around for it. >>> >>> You can give this URL to people and they can install your plugins via >>> that. >>> >>> If you don't want to do that, then you will have to go through the >>> approval process. I'm sure there are reasons it took longer than normal, >>> maybe review those first. >>> >>> If you want to follow the sandboxed Python route and see how far you get >>> fine, however again I suspect you are in for a long road given the complex >>> nature of that and you would still have to >>> be able to support what we can in core, etc. >>> >>> - Nathan >>> >>> >>> On Mon, Oct 17, 2016 at 6:31 PM, Geo DrinX <[email protected]> wrote: >>> >>>> >>>> >>>> 2016-10-17 10:19 GMT+02:00 Nathan Woodrow <[email protected]>: >>>> >>>>> Qgis uses CPython. You also have to sandbox Qt, so I suspect you are >>>>> running into a lot of dead ends. >>>>> >>>> Thank you for the suggestion. We will see who is moving in dead >>>> ends. :) >>>> >>>> I am the crow's nest of the ship and I am experiencing the arrival of >>>> the iceberg. >>>> And I hear the orchestra playing :) >>>> >>>> >>>> Best regards and wishes for a safe journey. ;) >>>> >>>> >>>> Geo >>>> >>>> PS: and then if you want to exit from the one direction maze you are >>>> going, here I am. >>>> PPS: in the meantime, take a look of this competition: >>>> https://goo.gl/WR8LVF >>>> >>> >>> >> >
_______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
