On Wed, Jan 13, 2021 at 6:38 AM Kevin Chadwick wrote:
>
> On 1/13/21 2:09 PM, Axel Wagner wrote:
> > Let me repeat my question: Do you have any concrete reason to assume there
> > is a
> > negative security impact of generics? Feel free to bring that up.
> > Otherwise, I
> > don't see a reason
On Wed, Jan 13, 2021 at 3:38 PM Kevin Chadwick wrote:
> I don't and I don't mean to make demands of other peoples time. Though I'm
> sure
> security has been carefully considered and might be fresh in peoples minds.
I don't think it has, because I don't think it needs to be. There is no
reason
I covered the DoS. There are multitude of ways to create DoS even in “correct”
code, panics are just one example.
Memory corruption is a different class of security bug because it allows
arbitrary code execution.
> On Jan 13, 2021, at 8:20 AM, Kevin Chadwick wrote:
>
> On 1/13/21 2:06 PM,
On 1/13/21 2:09 PM, Axel Wagner wrote:
> Let me repeat my question: Do you have any concrete reason to assume there is
> a
> negative security impact of generics? Feel free to bring that up. Otherwise, I
> don't see a reason to talk about it in the design doc.
I don't and I don't mean to make
On 1/13/21 2:06 PM, Robert Engels wrote:
> A panic is not a security issue. Memory corruption/stack overflow is. In Go
> the latter is accomplished through CGo and unsafe pointers/operations.
>
It isn't as clear cut as that. Panics can be security issues and memory
corruption/stack overflows
On Wed, Jan 13, 2021 at 2:59 PM Kevin Chadwick wrote:
> Clearly Go without interfaces, especially an empty interface is safer.
> Perhaps
> Generics reduce that risk via constraints etc.?
>
I understand why you might argue interfaces make the language less safe.
But generics are a mechanism with
A panic is not a security issue. Memory corruption/stack overflow is. In Go the
latter is accomplished through CGo and unsafe pointers/operations.
Continuous panics can be considered a security issue as a DoS attack but IMO at
least there are many ways to generate continuous errors that are
On 1/13/21 11:17 AM, Axel Wagner wrote:
> Assuming generics like interfaces, potentially erode type safety.
>
>
> Can you elaborate? Because that statement seems exactly contrary to
> established
> wisdom.
Clearly Go without interfaces, especially an empty interface is safer. Perhaps
On Wed, Jan 13, 2021 at 11:54 AM Kevin Chadwick wrote:
> I appreciate that generics use will be optional. However I am concerned
> that neither in the design draft nor the proposal issue, that the word
> security nor safety has been used even once.
"Safety" has been mentioned lots of times, in
