Am I naive or isn't any download of any package opening the door to such tricks?
On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote: > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler > <ro...@eecs.northwestern.edu> wrote: >> >> >> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy <j...@racket-lang.org> wrote: >>> >>> If I have background expansion on, then when I open that file it >>> installs the package. >>> >> >> As I wrote in my previous message, it doesn't do that for me. And I don't >> see how it could do that, actually. Are you saying that you tried this? > > Yes. I put that in a file and opened it up with DrRacket then got the > "Can't download a Planet package" error message as-if the install were > stopped. > >> Can you explain how you have configured DrRacket to disable the security >> guard that is installed by the background expansion process, please? > > Perhaps my trial was bad because the security guard would have stopped > the network access but my error stopped the library from attempting > the network access? > > Regardless, "Check Syntax" (I think?) or compilation in Racket would > have installed it. [Now, obviously the same macro tricks could > explicitly call download/install-pkg... but I think it is a bit feeble > to say "Check Syntax" should make no attempt to prevent package > installation.] > >> Meanwhile, I would like to point out that your commit has completely >> disabled planet. No packages can be installed. Did you run any test suites >> after making this change? > > I tried to install and fetch some packages. I see now that I committed > in the "racket/collects" directory but the changes to make that work > were in the "pkgs/planet-pkgs" directory so I stupidly missed them. > > Jay > >> Robby >> > _________________________ > Racket Developers list: > http://lists.racket-lang.org/dev _________________________ Racket Developers list: http://lists.racket-lang.org/dev