On 05/04/2013 4:14 PM, Grant Husbands wrote:
> The important thing, to my mind, is that I don't have to audit the rust-jpeg library at all, and the worst it can do (probably) is a denial of service. If this became standard practice for Rust code, it would be a systems language in which it's feasible to easily include relatively untrusted third-party libraries, securely, and interact with them naturally. I think there's a lot of mileage in that.
Yeah. It'd involve reifying ... probably just the 'forbid()' lint flags used at crate top level as linkage metadata so we can specify it as a linkage criterion. It's possible but I am not sure how common or likely it'll be. It's also possible to just make this a criterion you enforce as part of coding standards, or a thing to inspect when checking dependencies manually. At some point, tooling interfaces with human choice.
-Graydon
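
Added example, not part of the message above or of the Rust project's code: one way to do the manual dependency inspection the reply mentions, by classifying how strongly a crate root restricts `unsafe`. It assumes the present-day `unsafe_code` lint name, which the thread does not spell out; `audit_crate_root` and `Verdict` are hypothetical names, and the sample sources are constructed.

```rust
// Added example: a line-based scan of crate-root source, not a compiler check.
// Limitation: block comments and attributes split across lines are not handled.

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Forbidden,    // #![forbid(unsafe_code)]: cannot be re-allowed further down
    DeniedOnly,   // #![deny(unsafe_code)]: a nested #[allow(unsafe_code)] overrides it
    Unrestricted, // no crate-level restriction found
}

/// Scan crate-root source for inner attributes (`#![...]`) naming `unsafe_code`.
pub fn audit_crate_root(src: &str) -> Verdict {
    let mut verdict = Verdict::Unrestricted;
    for line in src.lines() {
        let compact: String = line.chars().filter(|c| !c.is_whitespace()).collect();
        // Only inner attributes apply crate-wide; commented-out lines fail this prefix test.
        let body = match compact.strip_prefix("#![") {
            Some(rest) => rest,
            None => continue,
        };
        // `body` now looks like `forbid(unsafe_code,missing_docs)]`.
        let (level, rest) = match body.split_once('(') {
            Some(parts) => parts,
            None => continue,
        };
        let lints = rest.split(')').next().unwrap_or("");
        if !lints.split(',').any(|l| l == "unsafe_code") {
            continue; // conditional forms such as cfg_attr(...) are treated as no guarantee
        }
        match level {
            "forbid" => return Verdict::Forbidden,
            "deny" => verdict = Verdict::DeniedOnly,
            _ => {}
        }
    }
    verdict
}

fn main() {
    // Constructed crate roots for illustration.
    let samples = [
        "#![forbid(unsafe_code)]\npub fn decode() {}",
        "#![deny(unsafe_code)]\n#[allow(unsafe_code)]\nmod fast {}",
        "// #![forbid(unsafe_code)]\npub unsafe fn raw() {}",
    ];
    for src in samples.iter() {
        println!("{:?}", audit_crate_root(src));
    }
}
```

A `Forbidden` verdict covers only the crate scanned; each of its own dependencies needs the same check.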
