Am I naive or isn't any download of any package opening the door to such
tricks?
On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:
On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler
ro...@eecs.northwestern.edu wrote:
On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org
In short yes. But that short answer isn't where we should stop. :)
Really, this is about a design decision that's different between planet and
the package system: in planet, running a program was sufficient for
installing packages. In the package system you have to take an explicit
step to install
And similarly, the package system is a social curation system to
monitor packages for good behavior, which planet does do (but could
have and could now.)
Jay
On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler
ro...@eecs.northwestern.edu wrote:
In short yes. But that short answer isn't where we
Oh, yes. I meant to add this to my message. This is a bit part of why I
think the package system is going to work well: there is now some movement
in this good direction. (Jacob and Matthias and I had talked about social
stuff in the context of planet a bunch, but a) didn't do enough and b)
had a
There is an important change in this commit. Since we've created the
release branch for 6.0, I think we should stop automatically
installing and executing arbitrary code when people open files in
DrRacket. Currently the error message suggests using raco planet but
I think we need a bit of a GUI
Can you demonstrate how to make this happen? Opening a file with these
contents, for example, doesn't install anything.
#lang racket
(require (planet planet/test-connection:1:0/test-connection))
As for automatically executing arbitrary code, I think you must mean
something more precise here.
If I have background expansion on, then when I open that file it
installs the package.
Since once a Planet package is installed it is set up and compiled
that means that this code:
#lang racket
(attack)
(define-syntax (attack stx)
(system rm -fr /))
is automatically run as soon as I open it
On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
If I have background expansion on, then when I open that file it
installs the package.
As I wrote in my previous message, it doesn't do that for me. And I don't
see how it could do that, actually. Are you saying that
On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler
ro...@eecs.northwestern.edu wrote:
On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy j...@racket-lang.org wrote:
If I have background expansion on, then when I open that file it
installs the package.
As I wrote in my previous message, it doesn't
9 matches
Mail list logo
