I’ve posted an update from the Steering Council to our repo:
Regarding “what may impact Python for the next decade,” I wanted the SC to be aware of what I thought was an interesting idea being incorporated into a project called Deno.
In any case, the idea that I thought was most interesting is that Deno will be “secure by default,” which means that users must give it extra permission to access the disk, network, or otherwise do privileged operations. For example, Deno could provide hooks so that you could e.g. run random code provided by a stranger on the internet, and then be prompted any time the code wants to do something that requires more privileges, like reading or writing to the disk. This would reduce your need to blindly trust downloaded code.
Here is the project website: https://deno.land/
And here are a couple talks that Ryan has given about it:
Thanks for sharing this project and your thoughts. I've been
playing around with some WebAssembly stuff for scientific
computing and higher education for similar reasons. I appreciate
the link to his recent April talk too.
Python 3.8 has auditing events that can be used to implement this.
We could easily add an environment variable or command line argument to trigger a default implementation that restricts these for untrusted code, though the current theory is that users who care enough about this will be prepared to write their own.