[e-lang] An object-capability subset of Python
Toby Murray
toby.murray at comlab.ox.ac.uk
Tue Sep 16 02:58:05 CDT 2008
On Mon, 2008-09-15 at 23:57 +0000, Karp, Alan H wrote:
> Brett Cannon wrote:
> >
> > But even if we were trying to create a secure subset, no one stepped
> > forward to point out any security implications of the decision. I
> > honestly might be the closest thing we have to being a "security
> > expert" on the core team and that is not saying much.
> >
> Maybe you should forward interesting proposals to this list for comments. That goes for people working on other language efforts, too. Very often a small difference in a language feature makes all the difference in providing a secure subset.
Surely it's not the responsibility of general language developers to
ensure the concerns of the "security sideshow" (to quote Linus Torvalds)
are given priority. Rather it should be our responsibility to influence
the design process of languages if we want to ensure that future
revisions will meet our needs (e.g. allow secure ocap subsetting, etc.)
More importantly, we should be producing outputs that prove the value of
our concerns (e.g. the power of a secure ocap subset to build robust
programs) before we ask them to be taken seriously by those who are
trying to juggle the diverse interests of an entire language community.
Cheers
Toby
More information about the e-lang
mailing list