atom feed94 messages in org.blender.bf-committersRe: [Bf-committers] "Security" gets i...
FromSent OnAttachments
Daniel Salazar - 3Developer.comApr 27, 2010 5:59 pm 
Matt EbbApr 27, 2010 6:17 pm 
Benjamin TolputtApr 27, 2010 7:09 pm 
Benjamin TolputtApr 27, 2010 7:25 pm 
Matt EbbApr 27, 2010 7:32 pm 
Benjamin TolputtApr 27, 2010 7:57 pm 
Campbell BartonApr 28, 2010 1:03 am 
Daniel Salazar - 3Developer.comApr 28, 2010 1:14 am 
Remo PiniApr 28, 2010 1:34 am 
Benjamin TolputtApr 28, 2010 2:36 am 
horace grantApr 28, 2010 4:28 am 
Benjamin TolputtApr 28, 2010 7:05 am 
horace grantApr 28, 2010 7:56 am 
Remo PiniApr 28, 2010 8:32 am 
Nery ChucuyApr 28, 2010 8:41 am 
Raul Fernandez HernandezApr 28, 2010 8:58 am 
male...@licuadorastudio.comApr 28, 2010 9:30 am 
Bassam KurdaliApr 28, 2010 9:55 am 
Raul Fernandez HernandezApr 28, 2010 10:58 am 
Makslane RodriguesApr 28, 2010 1:52 pm 
horace grantApr 28, 2010 2:28 pm 
Matt EbbApr 28, 2010 2:34 pm 
Charles WardlawApr 28, 2010 2:58 pm 
Makslane RodriguesApr 28, 2010 3:15 pm 
Tom MApr 28, 2010 3:16 pm 
Ruslan MerkulovApr 28, 2010 4:33 pm 
Charles WardlawApr 28, 2010 5:09 pm 
joeApr 28, 2010 5:21 pm 
Benjamin TolputtApr 28, 2010 5:31 pm 
Ruslan MerkulovApr 28, 2010 5:40 pm 
Benjamin TolputtApr 28, 2010 6:44 pm 
Martin PoirierApr 28, 2010 8:01 pm 
amrp...@gmail.comApr 28, 2010 8:27 pm 
Charles WardlawApr 28, 2010 8:44 pm 
Benjamin TolputtApr 28, 2010 8:56 pm 
Martin PoirierApr 28, 2010 9:02 pm 
§ĥřïñïďĥï ŖäöApr 28, 2010 9:03 pm 
Harley AchesonApr 28, 2010 9:31 pm 
Benjamin TolputtApr 28, 2010 11:22 pm 
Ruslan MerkulovApr 29, 2010 12:10 am 
Tony MullenApr 29, 2010 3:08 am 
Kevin RoyApr 29, 2010 3:30 am 
Charles WardlawApr 29, 2010 3:39 am 
horace grantApr 29, 2010 5:03 am 
Thomas DingesApr 29, 2010 5:13 am 
Martin PoirierApr 29, 2010 5:57 am 
Benjamin TolputtApr 29, 2010 5:58 am 
(Ry)akiotakis (An)tonisApr 29, 2010 6:13 am 
Charles WardlawApr 29, 2010 6:16 am 
Raul Fernandez HernandezApr 29, 2010 6:35 am 
Charles WardlawApr 29, 2010 6:41 am 
Benjamin TolputtApr 29, 2010 6:46 am 
Benjamin TolputtApr 29, 2010 7:11 am 
Raul Fernandez HernandezApr 29, 2010 8:10 am 
KnappApr 29, 2010 8:54 am 
Michael JuddApr 29, 2010 10:55 am 
Martin PoirierApr 29, 2010 10:59 am 
Michael JuddApr 29, 2010 11:13 am 
Michael FoxApr 29, 2010 3:26 pm 
Benjamin TolputtApr 29, 2010 4:41 pm 
Benjamin TolputtApr 29, 2010 4:46 pm 
Benjamin TolputtApr 29, 2010 5:03 pm 
Martin PoirierApr 29, 2010 5:08 pm 
Benjamin TolputtApr 29, 2010 5:09 pm 
horace grantApr 29, 2010 5:26 pm 
Ken HughesApr 29, 2010 5:47 pm 
Ken HughesApr 29, 2010 5:52 pm 
Ken HughesApr 29, 2010 5:54 pm 
Benjamin TolputtApr 29, 2010 5:55 pm 
Benjamin TolputtApr 29, 2010 5:57 pm 
Benjamin TolputtApr 29, 2010 6:13 pm 
Roger WickesApr 29, 2010 6:13 pm 
Benjamin TolputtApr 29, 2010 6:25 pm 
Michael JuddApr 29, 2010 6:39 pm 
Benjamin TolputtApr 29, 2010 6:58 pm 
Martin PoirierApr 29, 2010 7:22 pm 
Benjamin TolputtApr 29, 2010 9:24 pm 
Campbell BartonApr 29, 2010 9:46 pm 
Michael JuddApr 29, 2010 9:48 pm 
Benjamin TolputtApr 29, 2010 11:28 pm 
Luke FriskenApr 30, 2010 2:01 am 
Roger WickesApr 30, 2010 4:52 am 
Ton RoosendaalApr 30, 2010 5:06 am 
Jason WilkinsApr 30, 2010 10:54 am 
jonathan d p fergusonApr 30, 2010 11:56 am 
Benjamin TolputtApr 30, 2010 5:39 pm 
Ruslan MerkulovApr 30, 2010 7:04 pm 
Jason WilkinsApr 30, 2010 7:52 pm 
Tom MApr 30, 2010 8:06 pm 
Benjamin TolputtApr 30, 2010 11:20 pm 
Benjamin TolputtApr 30, 2010 11:23 pm 
Jason W.Apr 30, 2010 11:43 pm 
jspliferMay 1, 2010 1:45 am 
horace grantMay 1, 2010 8:38 am 
Subject:Re: [Bf-committers] "Security" gets in the way
From:Benjamin Tolputt (btol@internode.on.net)
Date:Apr 29, 2010 6:25:48 pm
List:org.blender.bf-committers

Ken Hughes wrote:

Of course the "this is impossible with python" can be wrong in the long term; who know what direction python will evolve in the next 2-3 years. But trying to find a python solution right now, with what we have, is impossible.

Bingo. Glad I'm not the only one saying this. We may not agree on the final solution (or that we choose to not have one), but I'm glad that the technical realities are being agreed on. The most frustrating thing in any debate isn't being disagree with on the final answer, it is having to correct people on the facts that make up the debate foundation.

Case in point - it is impossible with current versions of Python to secure the loading/rendering of a Blender scene whilst also allowing Python to be embedded in said scene (in constraints, rigs, etc). This is a *fact* given current implementations of Python.

I have to agree with what someone posted earlier: if someone is convinced this (a secure solution) can be done with the existing Python 3.1, they need to code up a proof-of-concept to shut up everyone who says it can't be done. Otherwise everyone is just filling up a useful mailing list with spam.

Another good point. I've been browsing the code whilst the debate has "raged" and the amount of work to move Blender to any other language is phenomenal! If a solution using the standard Python library can be found - I'd be VERY happy to use it. I am not saying Python is bad - it is a very good, mature, and flexible language/platform. It's a little "heavy" for embedding in my projects (and there are thread locking issues); but I use it all the time for data processing tasks. That said, it is *by design* unable to be secured in the way Blender requires if one is going to allow Python expressions in a scene file.

I doubt anyone is going to want to look at replacing Python unless there is some nod from the core developers as to it being allowed consideration for trunk. However, a patch to Blender that allows it to be secured whilst still using Python would likely be accepted without much hassle at all. It would be a "bug fix" as compared to an application-wide refactor.

_______________________________________________ Bf-committers mailing list Bf-c@blender.org http://lists.blender.org/mailman/listinfo/bf-committers