On Fri, Sep 15, 2000 at 01:33:01PM -0700, Nathan Wiger wrote:
> Michael G Schwern wrote:
> >
> > perl6-internals is probably the wrong forum for this, it was just
> > convenient. I think Dan's got the right idea, distribute a Taint
> > module with Perl.
>
> I'm not sure what's happened on -internals, but early on in
> perl6-language I suggested something similar, and Larry dropped some
> major knowledge on me about tainting:
>
> http://www.mail-archive.com/perl6-language@perl.org/msg00394.html
>
> I'd advise everyone read the above. Adding a $TAINT
> variable/pragma/whatever is, basically, a Bad Idea.
The hypothetical taint.pm/taint.xs that was being discussed was in
a different context.
The taint pragma that we were talking about is not about lexical
scoping of taint mode, but rather a sensible place to add taint(),
tainted() and similar functions that need specific knowledge of
core internals.
Of couse, if the core language contains taint() and untainted(), then
this is a trivial discussion. We were looking at it from an internals
perspective, with the POV that it may not be a core language feature.
taint() and tainted() would work on scalars that may or may not
be coming from a trustworthy source. untaint() should *not* be
one of these functions, because untainting should remain hard
(i.e., you should have to think about what you're doing).
This is a discussion that may result in a different RFC altogether.
It came up because RFC 227 discusses tainting.
-language is probably not the right forum for either. I vote for
starting a new thread in -stdlib.
Z.