On Sat, Jan 17, 2009 at 5:08 PM, Peter Clifton <[email protected]> wrote:
>
>> Sorry if I will be too long, but this is an important question.
>> Short version: Don't Do That!
>
> Rebuttal:
>
> Least important reason: Turing complete may present security
> implications.
>
> (BTW: Just saying "sandbox" the interpreter is very easy. Actually doing
> it properly is another matter.)

Well, when it comes to security nothing is easy. But writing a safe sandboxed Scheme interpreter is not more difficult than writing a safe configuration parser. Both solutions share the same two risks: parsing (especially when implemented in C) and accessing exposed primitives/variables.

> Real crux of the matter: If you accept free-form input, it becomes
> inordinately more difficult to write any sane GUI, or write-back of
> changed config options. (Since the config file might be arbitrarily
> complex).

Fair enough. I'm not particularly attached to the current configuration mechanism (although setting callbacks without this could be difficult). I just don't think it is broken or particularly needs an improvement. Actually, this is currently one of gEDA's strongest points.

Regards,
-r

