On Mon, Mar 18, 2013 at 02:03:41PM -0400, Mario Domenech Goulart wrote: > Maybe I'm too paranoid? Or missing something?
No, you're spot on. I think given a choice, we should always err on the side of security and adhere to the Principle Of Least Astonishment. For convenient scripting, a "dwim" egg could be created that does all these dangerous but convenient things. Then this is the user's responsibility and if his system gets owned it wasn't due to a chicken fuck-up. Implicitly "convenient" behaviour is the root of all evil. We recently had the same discussion about substring; there is no easy way to build the sane features on top of an API with bells and whistles, except by adding lots of checks all over the place, as you pointed out in your example. Building those convenience layers on top of the core, stable functionality is easily done, and can be wrapped up as an egg. Cheers, Peter -- http://www.more-magic.net _______________________________________________ Chicken-hackers mailing list Chicken-hackers@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-hackers