Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Saying that any effort to regulate the source code of loaded extensions amounts to "shackling" is throwing FUD on the whole idea

No amount of vitriolic words or technical nitpicking will change the fact that there will be more work to be done, both by application developers enforcing policies and by extensions having to oblige them.

> the current fashion in programming languages is to allow an implementation to do anything... I think life could, in fact, get easier.

Easier for whom? Not for the lib developer, who will have to follow more rules ("import" mechanisms already have some, by the way), nor for the runtime developer, who will have to enforce them. Easier for the final user who executes runtime and lib? Maybe, but then you cannot expect any serious traction from developers (whose life you're making harder). Trade-offs and all that.



First of all, I didn't mean my FUD remark to be vitriolic.

I disagree that it is more work in total; I don't think you're taking into account the work that will no longer have to be done, namely work spent searching for cross-module bugs introduced when a security proof for one module relies on a condition which cannot be expressed in the underlying language.

I agree that it is a new type of work though.

Edit: easier for the mathematician who wants to prove that system X has security characteristic Y




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: