On Saturday, 13 July 2013 at 04:23:56 UTC, Walter Bright wrote:
A big problem with it would be the equivalent of the "SQL Injection Exploit". Since the compiler can now execute arbitrary code, someone passing around malicious source code could do anything to your system.
Assuming that the user is compiling the code in order to run it (which does seem to be the most common case, at least in my experience), the user is already running arbitrary code. I don't really see how this would create a greater security risk than what already exists.
That said, I'm not completely sold on this idea, either, at least not while there are more important issues to solve. It could be nice at times, but I'm having a hard time coming up with a usage case where this would really be much more convenient than just using the build system.
