On Wednesday, September 13, 2017 at 4:35:38 PM UTC-4, Jeroen Demeyer wrote: > > On 2017-09-13 21:56, rjf wrote: > > Just because a package builds, loads, and passes some tests > > doesn't mean that it also includes some security attack. > > Does anyone care about / have any useful thoughts about /. that? > > What would security even mean for a mathematics program? Sage is not > meant for security, so your question makes little sense. >
Well, in principle someone could use a bug in an outside program to hack into Sage, and then use that to gain access (e.g. via Sage shell abilities or os.* in Python) to gain access to a system, right? I agree that it's relatively unlikely compared to the likelihood of a Sage user clicking on a phishing link. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
