Going for total immutability is not a best fit for Go. I was thinking like 
excluding packages like unsafe, reflect, executing external programs and 
the like.

Capabilities seems unnecessarily complicated - getting used to them is not 
easy, like in Pony/ponylang.

Thanks for the link,

On Monday, February 12, 2018 at 11:23:42 PM UTC+3:30, 
> We’ve been discussing stateless packages here: 
> Matt
> On Monday, February 12, 2018 at 1:43:05 PM UTC-6, dc0d wrote:
>> Is there a way to identify a package as safe?
>> Let's restrict the imported packages to built-in ones. Now assuming a 
>> package only imports "strings" and "net/url" can it considered as safe? 
>> Since it does not (can not) modify the environment (most notably executing 
>> code)?
>> Of course the package still can behave in a malicious manner by (for 
>> example) creating too many goroutines.
>> This came to mind when I was reading about package managers and learnt 
>> some problems that they have. 

You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
For more options, visit

Reply via email to