[Bf-committers] Blender security paranoia

Benjamin Tolputt btolputt at internode.on.net
Wed Mar 24 21:42:49 CET 2010

Campbell Barton wrote:
> Currently I don't think any of the Blender core developers really care
> a lot about security (except for Ton who got the ball rolling), so
> while we can have interesting email discussions, I'd rather some of the
> people who DO care about security look at ways to improve it.
> We're open for patches! :-)

Unfortunately, my opinion is that Blender's security issues need to be
"fixed" not papered over. The fact that enabling an expression to
average the rotation of two bones to drive another (for example) enables
a malicious scripter to screw with my machine is ridiculous. However, as
has been determined, this would require the replacement of Python - not
something possible in a simple patch or something acceptable to the core

While I've disagreed with Ton (many times) before, security is important
to me too; but the man is (quite legitimately) against the only solution
I can think of given the constraints. Like Microsoft & ActiveX in
Internet Explorer, prior decisions in the development of Blender have
limited the solution space to a handful of equally undesirable options.


Benjamin Tolputt
Analyst Programmer

