From: merlyn at stonehenge.com (Randal L. Schwartz)
Date: 29 Apr 1999 07:24:00 -0700
Subject: converting perl to python - simple questions.
References: <7fvagp$8lm$1@nnrp1.dejanews.com> <m3u2u47hod.fsf@deneb.cygnus.stuttgart.netsurf.de> <lFLU2.3119$Ig1.434671@news1.rdc1.on.wave.home.com> <m3so9lc219.fsf@deneb.cygnus.stuttgart.netsurf.de> <aahzFAww6J.Cr2@netcom.com> <wkogk8wlgq.fsf@turangalila.harmonixmusic.com>
Message-ID: <m1lnfbmrnj.fsf@halfdome.holdit.com>
Content-Length: 1392
X-UID: 145                                                  

>>>>> "Dan" == Dan Schmidt <dfan at harmonixmusic.com> writes:

Dan> Four and a half, actually; Perl 5.000 was released in October 1994,
Dan> exactly a week after Python 1.1.  In fact, Perl 5 has been the current
Dan> version longer than Perl 4 was (Perl 4 was released in March 1991, so
Dan> it was the newest version for only three and a half years).  

Not to mention that *all* versions of Perl prior to 5.004 have known,
documented buffer-overflow potential problems, so if you use those
scripts in any public-execution environment (like CGI or setuid
programs or daemons), you are setting yourself up for a "non use of
best practices" lawsuit when the bad guys break in.

I'm told by people in-the-know of a rootkit that targets *any* CGI
script and sends it the right thing to break in, presuming you know
the arch of the box and have a reasonable guess as to the Perl
version.

Perl 4 is dead.  Anything before 5.004 is dangerous.  Perl5 *is* Perl.

Just another Perl (and Python) hacker,

-- 
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn at stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn at teleport.com)
Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me