Stephen Frost wrote:
* Joe Conway ([EMAIL PROTECTED]) wrote:
Consider a scenario like "package <x> uses <arbitrary function y in an
untrusted language z>". Exact same concerns arise.
No, it doesn't... Said arbitrary function in y, in untrusted language
z, could be perfectly safe for users to call.
^^^^^
*Could* be. But we just said that the admin was not interested in
reading the documentation, and has no idea if it *is* safe. And, it very
well might not be safe. We have no way to know in advance because the
language is untrusted.
Being written in an untrusted language has got next to nothing to do with the
security
implications of a particular function. It depends entirely on what the
function is *doing*, not what language it's written in.
Sure it matters. A function written in a trusted language is known to be
safe, a priori. A function written in an untrusted language has no such
guarantees, and therefore has to be assumed unsafe unless carefully
proved otherwise.
Joe
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings