On Wed, Jan 13, 2021 at 11:54 AM Kevin Chadwick <[email protected]> wrote:
> I appreciate that generics use will be optional. However I am concerned > that neither in the design draft nor the proposal issue, that the word > security nor safety has been used even once. "Safety" has been mentioned lots of times, in the form of "type-safety". "Security" hasn't - I assume that is because the only mention would be "we don't expect any security impact". I think claiming the opposite is sufficiently counter-intuitive, to put the burden of proof on you, to make an argument that there is some. > Assuming generics like interfaces, potentially erode type safety. Can you elaborate? Because that statement seems exactly contrary to established wisdom. Will generics increase the likelihood of security issues, aside from panics? > Can you give an example of a security issue that they might cause? Because I really can't imagine any. Again, if anything, I would expect fewer panics due to more type-safety, so at least fewer DoS attacks (though, to be clear, I think it is more likely they are completely neutral). How many security issues and/or production panics to date might have been > avoided by avoiding interface use all together? > I assume panics in production are sufficiently common that you could find some to point at and attribute them to a use of interfaces. Security issues are significantly less common. Maybe you can point to some? Preferably some with CVE numbers assigned. > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/DEFAB41C-6AF9-49FE-955A-4ED730C57DDE%40gmail.com > . > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAEkBMfGcrOn3%2B%2BC-Jc3fmL2Gx2uuYacQyr773Jb1HsXsxekytQ%40mail.gmail.com.
