While I can see your point about potentially introducing new security holes,
and producing much less trusted code, I feel having tidy, pure libraries that
we can all integrate into our Haskell is a benefit that far outweighs this.
Especially when we have nice things like the type system, which can be used to
alleviate many of the security worries.
I agree in general, for code like servers and file formats, but I worry in
particular about cryptographic primitives. Some side channel attacks seem to
call for a very low-level language, to make it easier to verify that e.g.
execution time and the memory access pattern does not depend on the key.
_______________________________________________
Haskell-Cafe mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/haskell-cafe
