On 6/14/11 2:34 PM, Robert Clipsham wrote:
On 14/06/2011 20:07, Andrei Alexandrescu wrote:
On 6/14/11 1:22 PM, Robert Clipsham wrote:
On 14/06/2011 14:53, Andrei Alexandrescu wrote:
http://www.wikiservice.at/d/wiki.cgi?LanguageDevel/DIPs/DIP11
Destroy.
Andrei
This doesn't seem like the right solution to the problem - the correct
solution, in my opinion, is to have a build tool/package manager handle
this, not the compiler.
Problems I see:
* Remote server gets hacked, everyone using the library now
executes malicious code
This liability is not different from a traditional setup.
Perhaps, but with a proper package management tool this can be avoided
with sha sums etc, this can't happen with a direct get. Admittedly this
line of defense falls if the intermediate server is hacked.
You may want to update the proposal with the appropriate security artifacts.
[snip]
I don't have a problem with automatically downloading source during a
first build, I do see a problem with getting the compiler to do it
though. I don't believe the compiler should have anything to do with
getting source code, unless the compiler also becomes a package manager
and build tool.
Would you agree with the setup in which the compiler interacts during
compilation with an external executable, placed in the same dir as the
compiler, and with this spec?
dget "url"
Gets "url" and prints the local dir to stdout, or fails and prints an
error message to stderr.
Then the matter is to write dget - in D!
I feel this is going somewhere.
Andrei
