[Systems] api.sugarlabs.org

Sascha Silbe sascha-ml-ui-sugar-systems at silbe.org
Sat Oct 10 05:44:06 EDT 2009


On Fri, Oct 09, 2009 at 08:39:01PM -0400, Bernie Innocenti wrote:

> 4) is the process of generating the documentation relatively secure,
>    or does it involve running python code checked out from the
>    repositories?
I wouldn't treat it as secure. From the eypdoc FAQ [1]:

>     The --parse-only option instructs epydoc to only get documentation 
> information from parsing (and not from introspection.) You should use 
> this option if:
>       * The project you are documenting contains untrusted source 
> code.

The directly preceding FAQ entry [2] explains why parsing alone doesn't 
usually suffice.


[1] http://epydoc.sourceforge.net/faq.html#parse_only
[2] http://epydoc.sourceforge.net/faq.html#introspect_vs_parse

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/private/systems/attachments/20091010/e0a2d476/attachment.pgp 


More information about the Systems mailing list