Do we understand security?
June 20, 2008
I read as much material as I could so I could start to have more
knowledge about the structure and the ideas behind Brett Cannon’s
work.
Jeff Balogh helped me a lot and introduced me to some tools for Python
that made my life so easy in a second. Now I use IPython instead of the
regular Python; it is a plugin that wraps the regular distribution and
creates new commands and many more features that make a developer's
life like heaven.
In addition, I checked out two of Brett Cannon’s projects from the Python
svn repository: bcannon-objcap/ and bcannon-sandboxing/.
Despite the names, the sandboxing project actually deals with memory allocation
and usage, and the objcap project is the security for Python.
I also spent some time going over his personal blog and I found some
posts that are very interesting for us:
http://sayspy.blogspot.com/search/label/security
As you can see in one of the blog’s posts, nobody has tried the sandbox except
Brett Cannon himself, although he mentioned that he finished the security work!
My plan for the next days is to continue to look at the code until I understand
the implementation well enough.
Luke started to test the plug-in with some test cases that I transferred to him and
also some of his own. Although he has already found some bugs, all the bugs found are
currently not related to the plug-in but to Web-CAT. Everything will be recorded,
but all the bugs that are not related to our work will currently remain unfixed.
If we have additional time after the projects are ready, we will go over the records
and fix the Web-CAT bugs (after talking to Stephen about it, of course).
Entry Filed under: Web-CAT.