atom feed94 messages in org.blender.bf-committersRe: [Bf-committers] "Security" gets i...
FromSent OnAttachments
Daniel Salazar - 3Developer.comApr 27, 2010 5:59 pm 
Matt EbbApr 27, 2010 6:17 pm 
Benjamin TolputtApr 27, 2010 7:09 pm 
Benjamin TolputtApr 27, 2010 7:25 pm 
Matt EbbApr 27, 2010 7:32 pm 
Benjamin TolputtApr 27, 2010 7:57 pm 
Campbell BartonApr 28, 2010 1:03 am 
Daniel Salazar - 3Developer.comApr 28, 2010 1:14 am 
Remo PiniApr 28, 2010 1:34 am 
Benjamin TolputtApr 28, 2010 2:36 am 
horace grantApr 28, 2010 4:28 am 
Benjamin TolputtApr 28, 2010 7:05 am 
horace grantApr 28, 2010 7:56 am 
Remo PiniApr 28, 2010 8:32 am 
Nery ChucuyApr 28, 2010 8:41 am 
Raul Fernandez HernandezApr 28, 2010 8:58 am 
male...@licuadorastudio.comApr 28, 2010 9:30 am 
Bassam KurdaliApr 28, 2010 9:55 am 
Raul Fernandez HernandezApr 28, 2010 10:58 am 
Makslane RodriguesApr 28, 2010 1:52 pm 
horace grantApr 28, 2010 2:28 pm 
Matt EbbApr 28, 2010 2:34 pm 
Charles WardlawApr 28, 2010 2:58 pm 
Makslane RodriguesApr 28, 2010 3:15 pm 
Tom MApr 28, 2010 3:16 pm 
Ruslan MerkulovApr 28, 2010 4:33 pm 
Charles WardlawApr 28, 2010 5:09 pm 
joeApr 28, 2010 5:21 pm 
Benjamin TolputtApr 28, 2010 5:31 pm 
Ruslan MerkulovApr 28, 2010 5:40 pm 
Benjamin TolputtApr 28, 2010 6:44 pm 
Martin PoirierApr 28, 2010 8:01 pm 
amrp...@gmail.comApr 28, 2010 8:27 pm 
Charles WardlawApr 28, 2010 8:44 pm 
Benjamin TolputtApr 28, 2010 8:56 pm 
Martin PoirierApr 28, 2010 9:02 pm 
§ĥřïñïďĥï ŖäöApr 28, 2010 9:03 pm 
Harley AchesonApr 28, 2010 9:31 pm 
Benjamin TolputtApr 28, 2010 11:22 pm 
Ruslan MerkulovApr 29, 2010 12:10 am 
Tony MullenApr 29, 2010 3:08 am 
Kevin RoyApr 29, 2010 3:30 am 
Charles WardlawApr 29, 2010 3:39 am 
horace grantApr 29, 2010 5:03 am 
Thomas DingesApr 29, 2010 5:13 am 
Martin PoirierApr 29, 2010 5:57 am 
Benjamin TolputtApr 29, 2010 5:58 am 
(Ry)akiotakis (An)tonisApr 29, 2010 6:13 am 
Charles WardlawApr 29, 2010 6:16 am 
Raul Fernandez HernandezApr 29, 2010 6:35 am 
Charles WardlawApr 29, 2010 6:41 am 
Benjamin TolputtApr 29, 2010 6:46 am 
Benjamin TolputtApr 29, 2010 7:11 am 
Raul Fernandez HernandezApr 29, 2010 8:10 am 
KnappApr 29, 2010 8:54 am 
Michael JuddApr 29, 2010 10:55 am 
Martin PoirierApr 29, 2010 10:59 am 
Michael JuddApr 29, 2010 11:13 am 
Michael FoxApr 29, 2010 3:26 pm 
Benjamin TolputtApr 29, 2010 4:41 pm 
Benjamin TolputtApr 29, 2010 4:46 pm 
Benjamin TolputtApr 29, 2010 5:03 pm 
Martin PoirierApr 29, 2010 5:08 pm 
Benjamin TolputtApr 29, 2010 5:09 pm 
horace grantApr 29, 2010 5:26 pm 
Ken HughesApr 29, 2010 5:47 pm 
Ken HughesApr 29, 2010 5:52 pm 
Ken HughesApr 29, 2010 5:54 pm 
Benjamin TolputtApr 29, 2010 5:55 pm 
Benjamin TolputtApr 29, 2010 5:57 pm 
Benjamin TolputtApr 29, 2010 6:13 pm 
Roger WickesApr 29, 2010 6:13 pm 
Benjamin TolputtApr 29, 2010 6:25 pm 
Michael JuddApr 29, 2010 6:39 pm 
Benjamin TolputtApr 29, 2010 6:58 pm 
Martin PoirierApr 29, 2010 7:22 pm 
Benjamin TolputtApr 29, 2010 9:24 pm 
Campbell BartonApr 29, 2010 9:46 pm 
Michael JuddApr 29, 2010 9:48 pm 
Benjamin TolputtApr 29, 2010 11:28 pm 
Luke FriskenApr 30, 2010 2:01 am 
Roger WickesApr 30, 2010 4:52 am 
Ton RoosendaalApr 30, 2010 5:06 am 
Jason WilkinsApr 30, 2010 10:54 am 
jonathan d p fergusonApr 30, 2010 11:56 am 
Benjamin TolputtApr 30, 2010 5:39 pm 
Ruslan MerkulovApr 30, 2010 7:04 pm 
Jason WilkinsApr 30, 2010 7:52 pm 
Tom MApr 30, 2010 8:06 pm 
Benjamin TolputtApr 30, 2010 11:20 pm 
Benjamin TolputtApr 30, 2010 11:23 pm 
Jason W.Apr 30, 2010 11:43 pm 
jspliferMay 1, 2010 1:45 am 
horace grantMay 1, 2010 8:38 am 
Subject:Re: [Bf-committers] "Security" gets in the way
From:Benjamin Tolputt (btol@internode.on.net)
Date:Apr 29, 2010 5:03:52 pm
List:org.blender.bf-committers

Michael Fox wrote:

Ok it seems we are getting nowhere fast on this, so to address the original issue, have it off by default as that is what seems to be causing the most troubles, yet keep it there for those who need it (ie paranoid IT people :) ),

To be honest, I think the reason it is not getting anywhere is two-fold. Firstly, the "default off" /solution/ that is proposed is *not* a solution. It's like making entering a password optional. Unless it is by default *on*, the people most vulnerable to an attack are going to be those that don't turn it on.

as in a studio you will mainly be using internal scripts for like rigs and such not much from the external world

OK, and when rigs do come in from the outside world, like in the recent Durian townsfolk sprint, we *know* that those most experienced in Blender will check them for malicious scripts and/or only open them on machines locked out of the network, right? We still haven't got an answer on that. I think that is pretty telling.

also to show the danger to new users put a warning on the download page in nice red letters at the top

all of this is done until a suitable option is available, and dropping python all together is certainly not a viable alternative

Warning, I am happy to have. Without cooperation from the Python development team though, keeping Python is not a viable alternative either. Something might come out of PyPy (currently they still have "all or nothing" security, not context-by-context restriction) which will make this all moot.

now can this argument please end?

I'm simply replying to emails on the subject. It's not like this has been going for a week and debate on controversial subjects like this are not going to be solved by asking people to "just agree". Should one of the core devs ask me to stop mailing on the subject, I will of course do so - it is, after all, their opinion on the matter I am trying to ascertain!

_______________________________________________ Bf-committers mailing list Bf-c@blender.org http://lists.blender.org/mailman/listinfo/bf-committers