Hi, Colin Watson wrote on Sun, Mar 03, 2019 at 12:02:31PM +0000: > On Fri, Mar 01, 2019 at 04:41:36PM +0000, Deri wrote:
>> I prefer the first solution you suggested, upon which my code was based, >> because there will be no change of behaviour. I have been unable to find That sounds reckless to me, accepting unnecessary risk for very weak and marginal reasons. > I argue that - if we're trying to construct a secure system, which I hope > we are - this is fundamentally the wrong approach. I strongly agree with Colin, and i think he is explaining his case very well. I'd even go a step further and stress that simpler, safer, less magical facilities ought to be preferred even when that causes minor loss of functionality. In contrast to the shell, which is practically impossible to use safely, the Perl programming language *can* be used safely, but it requires discipline and restraint. Don't forget that too much cleverness and complexity are among the worst enemies of correctness and security, and that Perl is notorious for being complicated - if you pick the wrong features. If you have to make a substantial argument to prove that something is safe, that means it is *not* safe enough for use in practice and ought to be avoided. Of course, Colin is also right that avoiding magic in the first place is almost always better than escaping against it. It is a corollary of the well-known fact that whitelisting (i.e. explicitly listing what is allowed) is almost always much better than blacklisting (i.e. attempting to list everything that might be dangerous). Yours, Ingo
