I think we're struggling at the moment with what the predicate we want to check is, tho. (That is, I feel like we can deal with errors or alerts or whatever, once we decide what should trigger them.)
Robby On Thu, Oct 24, 2013 at 3:35 PM, Laurent <laurent.ors...@gmail.com> wrote: > Independently of how difficult it is to do this, another possibility is to > ask for permission as the program is run. > But then you may have the problem that some users (read: students) may > actually not know that they don't know what they are doing. > There could also be a checkbox somewhere to allow for unsandboxed > execution inside DrRacket. > > Laurent > > > On Thu, Oct 24, 2013 at 10:10 PM, Robby Findler < > ro...@eecs.northwestern.edu> wrote: > >> Matthew reminded me of an old thread on this topic: >> >> http://lists.racket-lang.org/dev/archive/2013-February/011741.html >> >> Two points worth mentioning here. >> >> Ryan & John: can you use the GUI package manager to install a package >> instead of writing a program in the drracket window that does it, at least >> for now? >> >> Jay, Sam: there is a slippery notion of exactly what amount of trust I am >> willing to give programs that I run in drracket that needs to be sorted out >> before we decide what is the right way to go for the larger question of >> whether or not to allow pkg installation to happen via running a drracket >> program. >> >> In particular, I think it is reasonable for a user to expect that they >> may be doing something dangerous when they install a pkg -- they should try >> to figure out first if they trust that package before installing it. But >> maybe we want to have a lower bar for programs that we run inside DrRacket. >> I'm not saying that we are going to try to eliminate the (system "rm -rf >> /") programs, but maybe we should be trying to protect DrRacket itself from >> such programs. That is, I don't think we can easily describe the invariants >> that have to hold to avoid breaking my underlying OS when running a racket >> program, but maybe we can more easily describe the invariants that have to >> hold to avoid destroying the drracket/racket installation (without >> destroying the underlying OS) and maybe we should prohibit drracket >> programs from breaking those. And if we did that, then we'd want to say >> that package installation is off limits. >> >> (And, of course, the error message should explain all this .... :) >> >> Robby >> >> >> >> >> On Thu, Oct 24, 2013 at 2:16 PM, Robby Findler < >> ro...@eecs.northwestern.edu> wrote: >> >>> Jay and I have talked offline and apparently this is something that came >>> up before and so I'm now back on track trying to understand and fix the >>> underlying problem. >>> >>> Robby >>> >>> >>> >>> On Thu, Oct 24, 2013 at 1:47 PM, John Clements < >>> cleme...@brinckerhoff.org> wrote: >>> >>>> >>>> On Oct 24, 2013, at 7:28 AM, Robby Findler wrote: >>>> >>>> > This doesn't sound great. Can you explain more what you mean here >>>> about programs not being able to run in DrRacket, please? >>>> >>>> +1 ... I was hoping to be able to tell Windows users to run programs >>>> like this, as opposed to using Command Prompt.exe, which is like pulling >>>> teeth ("oh ... maybe you installed DrRacket in the c:\Program Files (x86)\ >>>> folder...."). >>>> >>>> John >>>> >>>> >>> >> >> ____________________ >> Racket Users list: >> http://lists.racket-lang.org/users >> >> >
____________________ Racket Users list: http://lists.racket-lang.org/users
