On Wed, Aug 19, 2009 at 11:54 AM, Damian Conway<dam...@conway.org> wrote:
> Moritz wrote:
>> However it seems we have to pay a price: each act of rendering a Pod
>> file actually means executing the program that's being documented (at
>> least the BEGIN blocks and other stuff that happens at compile time),
>> with all the security risks implied. So we'll need a *very* good
>> sandbox. Is that worth it?
> I believe so. The sheer range of approaches that people said they wanted
> Pod to support made it impossible for Pod to support anyone, unless
> everyone can configure Pod directly. The choice then becomes: do we
> provide Pod with a DSL for configuration, or do we just use
> Perl 6 as its metalanguage? The answer seemed pretty obvious then.

Pod itself is a DSL.

If we're committed to giving guns to books, can we default to having
the safety on?  Can it be so that 'perl6doc foo.pl' does not execute
any code without an option to allow it?  Module authors can use it to
generate files to go with the distribution.  'make install' can use it
to generate docs with locally-set values in them.  Casual browsers can
stay safe.

Perl 5 programmers are sometimes surprised to find that 'perl -c
strange.pl' can execute code.  Imagine their surprise to find that
'perl6doc' does too.


Reply via email to