Steering Council Update for July 2019

I’ve posted an update from the Steering Council to our repo:

1 Like

Regarding “what may impact Python for the next decade,” I wanted the SC to be aware of what I thought was an interesting idea being incorporated into a project called Deno.

Deno is a project started by Ryan Dahl, the creator of Node.js, a little over a year ago and described as “a secure runtime for JavaScript and TypeScript built with V8, Rust, and Tokio.” While it’s described also as an experimental project, it seems like it could end up being Node.js’s version of Python 3, as its creator said in one of the talks below that it’s an attempt to see what Node would be like if he could redo it without any of the mistakes he made (looking back in retrospect).

In any case, the idea that I thought was most interesting is that Deno will be “secure by default,” which means that users must give it extra permission to access the disk, network, or otherwise do privileged operations. For example, Deno could provide hooks so that you could e.g. run random code provided by a stranger on the internet, and then be prompted any time the code wants to do something that requires more privileges, like reading or writing to the disk. This would reduce your need to blindly trust downloaded code.

Here is the project website:

And here are a couple talks that Ryan has given about it:

1 Like


  Thanks for sharing this project and your thoughts. I've been

playing around with some WebAssembly stuff for scientific
computing and higher education for similar reasons. I appreciate
the link to his recent April talk too.

1 Like

Python 3.8 has auditing events that can be used to implement this.

We could easily add an environment variable or command line argument to trigger a default implementation that restricts these for untrusted code, though the current theory is that users who care enough about this will be prepared to write their own.