[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.

To: gEDA user mailing list <geda-user@xxxxxxxxxxxxxx>
Subject: Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
From: r <nbs.public@xxxxxxxxx>
Date: Sun, 18 Jan 2009 00:10:31 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: geda-user@xxxxxxxxxxxxxx
Delivery-date: Sat, 17 Jan 2009 19:10:38 -0500
In-reply-to: <1232212110.22209.6.camel@pcjc2lap>
List-archive: <http://www.seul.org/pipermail/geda-user>
List-help: <mailto:geda-user-request@moria.seul.org?subject=help>
List-id: gEDA user mailing list <geda-user.moria.seul.org>
List-post: <mailto:geda-user@moria.seul.org>
List-subscribe: <http://www.seul.org/cgi-bin/mailman/listinfo/geda-user>, <mailto:geda-user-request@moria.seul.org?subject=subscribe>
List-unsubscribe: <http://www.seul.org/cgi-bin/mailman/listinfo/geda-user>, <mailto:geda-user-request@moria.seul.org?subject=unsubscribe>
References: <1f06b40c.fsf@xxxxxxxxxxxxx> <m34ozyg9ax.fsf@xxxxxxxxxxxxxxxxxxxxxxx> <116fc2d90901170853p7d14ef4bq871925d60f8cff59@xxxxxxxxxxxxxx> <1232212110.22209.6.camel@pcjc2lap>
Reply-to: gEDA user mailing list <geda-user@xxxxxxxxxxxxxx>
Sender: geda-user-bounces@xxxxxxxxxxxxxx

On Sat, Jan 17, 2009 at 5:08 PM, Peter Clifton <pcjc2@xxxxxxxxx> wrote:
>
>> Sorry if I will be too long, but this is an important question.
>> Short version: Don't Do That!
>
> Rebuttal:
>
> Least important reason: Turing complete may present security
> implications.
>
> (BTW: Just saying "sandbox" the interpreter is very easy. Actually doing
> it properly is another matter.)

Well, when it comes to security nothing is easy. But writing a safe
sandboxed Scheme interpreter is not more difficult than writing a safe
configuration parser. Both solutions share same two risks: parsing
(especially when implemented in C) and accessing exposed
primitives/variables.

> Real crux of the matter: If you accept free-form input, it becomes
> inordinately more difficult to write any sane GUI, or write-back of
> changed config options. (Since the config file might be arbitrarily
> complex).

Fair enough. I'm not particularly attached to the current
configuration mechanism (although setting callbacks without this could
be difficult). I just don't think it is broken or particularly needs
an improvement. Actually, this is currently one of the gEDA's
strongest points.

Regards,
-r

_______________________________________________
geda-user mailing list
geda-user@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-user

Follow-Ups:
- Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
  - From: Peter Clifton

References:
- gEDA-user: [RFC 0/6] Some suggestions for discussion.
  - From: Peter TB Brett
- gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
  - From: Peter TB Brett
- Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
  - From: Árpád Magosányi
- Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
  - From: Peter Clifton

Prev by Author: Re: gEDA-user: [RFC 2/6] Plugin system
Next by Author: Re: gEDA-user: gnucap questions
Previous by thread: Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
Next by thread: Re: gEDA-user: [RFC 1/6] Non-Turing-complete configuration files.
Index(es):
- Author
- Thread