[jruby-dev] [jira] Created: (JRUBY-1173) FindBugs issues

2007-06-27 Thread Albert Strasheim (JIRA)
FindBugs issues --- Key: JRUBY-1173 URL: http://jira.codehaus.org/browse/JRUBY-1173 Project: JRuby Issue Type: Bug Reporter: Albert Strasheim Assignee: Thomas E Enebo Attachments: findbugs.patch

[jruby-dev] [jira] Created: (JRUBY-1172) StringScanner.must_C_version public class method is missing

2007-06-27 Thread Dmitry Verkhovsky (JIRA)
StringScanner.must_C_version public class method is missing --- Key: JRUBY-1172 URL: http://jira.codehaus.org/browse/JRUBY-1172 Project: JRuby Issue Type: Bug Components: Core

[jruby-dev] [jira] Created: (JRUBY-1171) Regexp \G behaves differently from MRI

2007-06-27 Thread Dmitry Verkhovsky (JIRA)
Regexp \G behaves differently from MRI -- Key: JRUBY-1171 URL: http://jira.codehaus.org/browse/JRUBY-1171 Project: JRuby Issue Type: Bug Components: Core Classes/Modules Affects Versions: JRu

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread John Mettraux
On 6/28/07, Charles Oliver Nutter <[EMAIL PROTECTED]> wrote: The idea is that Ruby's professed safety checks are so unlikely to actually be safe that they're not even worth implementing. But we'd like some safety mechanism, yes? Thoughts? Hi Charles, it seems that JRuby is used by lots of pe

[jruby-dev] [jira] Created: (JRUBY-1170) Kernel.system does not recognize shell meta-characters when command is 'jruby'

2007-06-27 Thread Johan Holmberg (JIRA)
Kernel.system does not recognize shell meta-characters when command is 'jruby' -- Key: JRUBY-1170 URL: http://jira.codehaus.org/browse/JRUBY-1170 Project: JRuby Issu

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread dertown
Charles Oliver Nutter-2 wrote: > > dertown wrote: >> I can understand the Idea and reasoning but i am wondering if you would >> implement something else to >> preform safty checks or leave that to indivdual users? > > The idea is that Ruby's professed safety checks are so unlikely to > actual

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread Charles Oliver Nutter
dertown wrote: I can understand the Idea and reasoning but i am wondering if you would implement something else to preform safty checks or leave that to indivdual users? The idea is that Ruby's professed safety checks are so unlikely to actually be safe that they're not even worth implementing

Re: [jruby-dev] Transparent Object Persistence

2007-06-27 Thread Charles Oliver Nutter
Alan McKean wrote: Here at GemStone we are investigating adding transparent object 'persistence by reachability' to JRuby. We have run JRuby in our JVM and have the persistence working. But we end up persisting too much because of the attachment of JRuby objects to the runtime. Whenever an obje

Re: [jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread dertown
Charles Oliver Nutter-2 wrote: > > SAFE and tainting go hand in hand as perhaps the sole security mechanism > in Ruby. When at various SAFE levels, you can't eval code, modify arrays > and other objects, open files and sockets, and so on. There's 5 safe > levels, increasingly more restrictiv

[jruby-dev] Transparent Object Persistence

2007-06-27 Thread Alan McKean
Here at GemStone we are investigating adding transparent object 'persistence by reachability' to JRuby. We have run JRuby in our JVM and have the persistence working. But we end up persisting too much because of the attachment of JRuby objects to the runtime. Whenever an object is saved, al

[jruby-dev] Ditching SAFE and tainting

2007-06-27 Thread Charles Oliver Nutter
SAFE and tainting go hand in hand as perhaps the sole security mechanism in Ruby. When at various SAFE levels, you can't eval code, modify arrays and other objects, open files and sockets, and so on. There's 5 safe levels, increasingly more restrictive. Except that SAFE and tainting don't work