[go-nuts] Re: Safe Packages
And I did not mean this to be a language feature. Just a tool - or part of linter. On Monday, February 12, 2018 at 11:36:36 PM UTC+3:30, dc0d wrote: > > Awesome! > > (IMHO) > > Going for total immutability is not a best fit for Go. I was thinking like > excluding packages like unsafe, reflect, executing external programs and > the like. > > Capabilities seems unnecessarily complicated - getting used to them is not > easy, like in Pony/ponylang. > > Thanks for the link, > > On Monday, February 12, 2018 at 11:23:42 PM UTC+3:30, matthe...@gmail.com > wrote: >> >> We’ve been discussing stateless packages here: >> https://github.com/golang/go/issues/23267 >> >> Matt >> >> On Monday, February 12, 2018 at 1:43:05 PM UTC-6, dc0d wrote: >>> >>> Is there a way to identify a package as safe? >>> >>> Let's restrict the imported packages to built-in ones. Now assuming a >>> package only imports "strings" and "net/url" can it considered as safe? >>> Since it does not (can not) modify the environment (most notably executing >>> code)? >>> >>> Of course the package still can behave in a malicious manner by (for >>> example) creating too many goroutines. >>> >>> This came to mind when I was reading about package managers and learnt >>> some problems that they have. >>> >> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[go-nuts] Re: Safe Packages
Awesome! (IMHO) Going for total immutability is not a best fit for Go. I was thinking like excluding packages like unsafe, reflect, executing external programs and the like. Capabilities seems unnecessarily complicated - getting used to them is not easy, like in Pony/ponylang. Thanks for the link, On Monday, February 12, 2018 at 11:23:42 PM UTC+3:30, matthe...@gmail.com wrote: > > We’ve been discussing stateless packages here: > https://github.com/golang/go/issues/23267 > > Matt > > On Monday, February 12, 2018 at 1:43:05 PM UTC-6, dc0d wrote: >> >> Is there a way to identify a package as safe? >> >> Let's restrict the imported packages to built-in ones. Now assuming a >> package only imports "strings" and "net/url" can it considered as safe? >> Since it does not (can not) modify the environment (most notably executing >> code)? >> >> Of course the package still can behave in a malicious manner by (for >> example) creating too many goroutines. >> >> This came to mind when I was reading about package managers and learnt >> some problems that they have. >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[go-nuts] Re: Safe Packages
Only in the context of imported packages and only in terms of causing side-effects "outside" the context of current executable binary. On Monday, February 12, 2018 at 11:19:13 PM UTC+3:30, Paul Brousseau wrote: > > I think that might depend on what qualities you define as "safe"? > > > On Monday, February 12, 2018 at 12:43:05 PM UTC-7, dc0d wrote: >> >> Is there a way to identify a package as safe? >> >> Let's restrict the imported packages to built-in ones. Now assuming a >> package only imports "strings" and "net/url" can it considered as safe? >> Since it does not (can not) modify the environment (most notably executing >> code)? >> >> Of course the package still can behave in a malicious manner by (for >> example) creating too many goroutines. >> >> This came to mind when I was reading about package managers and learnt >> some problems that they have. >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[go-nuts] Re: Safe Packages
We’ve been discussing stateless packages here: https://github.com/golang/go/issues/23267 Matt On Monday, February 12, 2018 at 1:43:05 PM UTC-6, dc0d wrote: > > Is there a way to identify a package as safe? > > Let's restrict the imported packages to built-in ones. Now assuming a > package only imports "strings" and "net/url" can it considered as safe? > Since it does not (can not) modify the environment (most notably executing > code)? > > Of course the package still can behave in a malicious manner by (for > example) creating too many goroutines. > > This came to mind when I was reading about package managers and learnt > some problems that they have. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[go-nuts] Re: Safe Packages
I think that might depend on what qualities you define as "safe"? On Monday, February 12, 2018 at 12:43:05 PM UTC-7, dc0d wrote: > > Is there a way to identify a package as safe? > > Let's restrict the imported packages to built-in ones. Now assuming a > package only imports "strings" and "net/url" can it considered as safe? > Since it does not (can not) modify the environment (most notably executing > code)? > > Of course the package still can behave in a malicious manner by (for > example) creating too many goroutines. > > This came to mind when I was reading about package managers and learnt > some problems that they have. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.