On Sunday, 18 April 2021 at 00:38:13 UTC, Ali Çehreli wrote:
> I heard about safety issues around allowing full I/O during
> compilation but then the following points kind of convinced me:
>
> - If I am compiling a program, my goal is to execute that
> program anyway. What difference does it make whether the
> program's compilation is harmful vs. the program itself?

I don't buy this, you can execute the code in a sandbox.
Compilation should be idempotent, writing to disk/databases
during compilation breaks this guarantee.
I would not use a language that does not ensure this.

> - If we don't allow file I/O during compilation, then the build
> system has to take that responsibility and can do the potential
> harm then anyway.

The build system is much smaller, so easier to inspect.