Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #53847
| Path | csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.036 |
| X-Spam-Evidence | '*H*': 0.93; '*S*': 0.00; 'source,': 0.04; 'true,': 0.05; 'subject:Python': 0.06; 'binary': 0.07; 'compiler': 0.07; 'level,': 0.07; 'think,': 0.07; 'python': 0.11; 'ahead!': 0.16; 'beautifully': 0.16; 'charles': 0.16; 'compiler.': 0.16; 'example)': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'planet,': 0.16; 'propagated': 0.16; 'society.': 0.16; 'two.': 0.16; 'weapon': 0.16; 'wrote:': 0.18; 'else,': 0.19; 'examples': 0.20; 'hack': 0.22; 'install': 0.23; 'helpful': 0.24; 'mon,': 0.24; 'sort': 0.25; 'compiled': 0.26; 'holds': 0.26; 'world,': 0.26; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'am,': 0.29; "doesn't": 0.30; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; 'bunch': 0.31; 'gcc': 0.31; 'sep': 0.31; 'critical': 0.32; 'quite': 0.32; 'running': 0.33; 'maybe': 0.34; "i'd": 0.34; 'could': 0.34; "can't": 0.35; 'possible.': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'version': 0.36; 'false': 0.36; "didn't": 0.36; 'subject:?': 0.36; 'two': 0.37; 'being': 0.38; 'to:addr:python-list': 0.38; 'that,': 0.38; 'anything': 0.39; 'visual': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'easy': 0.60; 'money.': 0.60; 'subject:Can': 0.60; 'truly': 0.60; 'most': 0.60; 'information,': 0.61; 'simply': 0.61; "you're": 0.61; 'grab': 0.64; 'become': 0.64; 'different': 0.65; 'life': 0.66; 'here': 0.66; 'capable': 0.67; 'believe': 0.68; "today's": 0.70; 'therefore': 0.72; 'bank': 0.76; 'power': 0.76; 'article': 0.77; 'compilers,': 0.84; 'firing': 0.84; 'nuclear': 0.84; 'technically': 0.84; 'average': 0.93; 'yourself,': 0.95; '2013': 0.98 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=lwPXBu4cwk3pMtfNbEtAPlczVNUX8rhHfF0UGlvuPa8=; b=kCygtUjRX94goxjSGOG2zT9y3CBR80oS8zO+004WFeX9PtvTE8rMhOSWA+Hgb4rXnv 4up4MsaU3IC+nSp048ZboNhLYv6ei0BBw2UhjFJhcxy//LxjD5cKkXUCRAoJHjuHFc+x pKp6Ph91ERMa+3TCC6c6SmxbviNfDlTE1YL4fgn6hM2jXZymGTafO4scu682ObEFMnT9 lBJ6YYI12XW8OKkgQP/wHUSoy+Fw65552OaqYS0namO7RH6ddEII34lmeYt8pxdShcfR zE5gPsruJeJdGtxSkww1PzQpfGbTavnEF9Z+XjDkFu5TgKku9Ix24HIrJuXuTw9T2vID uH6w== |
| MIME-Version | 1.0 |
| X-Received | by 10.220.46.72 with SMTP id i8mr13469803vcf.10.1378658349602; Sun, 08 Sep 2013 09:39:09 -0700 (PDT) |
| In-Reply-To | <XsSdnZfDdPBCPbHPnZ2dnUVZ_vidnZ2d@earthlink.com> |
| References | <CAOO2PexT3XagV4u7ScDiZgifZjzapt9cem9W+3Bag1CBrsnMpA@mail.gmail.com> <mailman.150.1378609508.5461.python-list@python.org> <522c6e4e$0$29988$c3e8da3$5496439d@news.astraweb.com> <XsSdnZfDdPBCPbHPnZ2dnUVZ_vidnZ2d@earthlink.com> |
| Date | Mon, 9 Sep 2013 02:39:09 +1000 |
| Subject | Re: Can I trust downloading Python? |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.156.1378658357.5461.python-list@python.org> (permalink) |
| Lines | 39 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1378658357 news.xs4all.nl 15913 [2001:888:2000:d::a6]:37888 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:53847 |
Show key headers only | View raw
On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel@earthlink.net> wrote: > I think this article is relevant althought the code examples are not Python > but C: > > http://cm.bell-labs.com/who/ken/trust.html That is quite true, and yet not truly helpful here :) It's like pointing out that we could be being fed false information, and then suggesting that The Matrix is technically possible. Once you start distrusting to that level, you become paranoid to a point that's inappropriate to all but the most critical situations. I'd accept and maybe even recommend that sort of paranoia if you're running a nuclear power station, or an automated weapon system capable of firing missiles that destroy the planet, or a bank that holds everyone's money. For the average Joe, there's no point panicking. Also: That hack works beautifully when there's precisely one C compiler. In today's world, there are many (well known ones like gcc, clang, MS Visual Studio (whatever the compiler from that is called), and a bunch of lesser-known ones as well), and it's pretty easy to just grab a different compiler and build. The chances that your code will be falsely compiled by TWO compilers would have to be infinitesimal, and you needn't stop at two. Since many people build (to take one example) gcc from source, using an old version of gcc, the hack would have to be propagated to all current gcc builds in some way - you can't simply build once and install the binary as the official C compiler, not in today's distributed society. (If you're truly paranoid, you might believe that gcc has had the hack in it since its inception. But some people build gcc using other compilers, too.) If you can't trust any code you didn't write yourself, you're left with Rene Descartes' line "I think, therefore I am" - it's impossible to prove anything else, since you can't trust your senses. So go ahead! Distrust everything and use nothing. Or accept that, even if you're the target of a huge conspiracy, it doesn't even matter, because life still goes on :) ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-07 21:04 -0600
Re: Can I trust downloading Python? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-09-08 12:32 +0000
Re: Can I trust downloading Python? "Charles Hottel" <chottel@earthlink.net> - 2013-09-08 12:08 -0400
Re: Can I trust downloading Python? Chris Angelico <rosuav@gmail.com> - 2013-09-09 02:39 +1000
Re: Can I trust downloading Python? Steven D'Aprano <steve@pearwood.info> - 2013-09-09 09:41 +0000
Re: Can I trust downloading Python? Anthony Papillion <papillion@gmail.com> - 2013-09-09 06:02 -0500
Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:23 -0600
Re: Can I trust downloading Python? William Ray Wing <wrw@mac.com> - 2013-09-09 12:40 -0400
Re: Can I trust downloading Python? Michael Torrie <torriem@gmail.com> - 2013-09-09 10:44 -0600
csiph-web