The discussion about RFC 227 in -internals brought up a few good ideas
about a taint pragma. In brief:
- taint(), tainted() and other such functions would be useful
when sending scalars around or inspecting them. A few other
functions may fall into this category.
- untaint() should not be one of them
- this pragma should be shipped in-core, so that there are no
issues with C-compiler requirements (see Dan/TomP's Taint
modules).
- this is not about lexical tainting, which is a *BAD* idea
- this is not about taint() and untaint() filehandle methods,
which are happening anyway.
All that said, does 'use taint;' make sense?
The good idea that Bart brought up with 'use memoize;' still
applies. Specifically that a :tainted sub attribute (and param
attribute?) may be useful, but that is not within the realm of -stdlib.
Z.
