Re: Specification for Trusted PLs? - Mailing list pgsql-hackers

From Florian Pflug
Subject Re: Specification for Trusted PLs?
Date
Msg-id 7E7EA792-8035-4C68-AB41-EC4658AFEAB6@phlo.org
Whole thread Raw
In response to Re: Specification for Trusted PLs?  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On May 21, 2010, at 18:26 , Stephen Frost wrote:
> * David Fetter (david@fetter.org) wrote:
>> These need to be testable conditions, and new tests need to get added
>> any time we find that we've missed something.  Making this concept
>> fuzzier is exactly the wrong direction to go.
>
> I'm really not sure that we want to be in the business of writing a ton
> of regression tests to see if languages which claim to be trusted really
> are..


Well, testing software security via regression tests certainly is sounds intriguing. But unfortunately, it's impossible
alsoAFAICS - it'd amount to testing for the *absence* of features, which seems hard... 

I suggest the following definition of "trusted PL".
"While potentially preventing excruciating pain, saving tons of sweat and allowing code reuse, actually adds nothing in
termsof features over pl/pgsql". 

best regards,
Florian Pflug



pgsql-hackers by date:

Previous
From: David Fetter
Date:
Subject: Re: Specification for Trusted PLs?
Next
From: Stephen Frost
Date:
Subject: Re: Specification for Trusted PLs?