Stephen Frost wrote:
> * Joe Conway (mail@joeconway.com) wrote:
>> Consider a scenario like "package <x> uses <arbitrary function y in an
>> untrusted language z>". Exact same concerns arise.
>
> No, it doesn't... Said arbitrary function in y, in untrusted language
> z, could be perfectly safe for users to call.
^^^^^
*Could* be. But we just said that the admin was not interested in
reading the documentation, and has no idea if it *is* safe. And, it very
well might not be safe. We have no way to know in advance because the
language is untrusted.
> Being written in an untrusted language has got next to nothing to do with the security
> implications of a particular function. It depends entirely on what the
> function is *doing*, not what language it's written in.
Sure it matters. A function written in a trusted language is known to be
safe, a priori. A function written in an untrusted language has no such
guarantees, and therefore has to be assumed unsafe unless carefully
proved otherwise.
Joe
