On 8/16/23 01:07, Alexander Monakov wrote:

On Tue, 15 Aug 2023, Siddhesh Poyarekar wrote:

Thanks, this is nicer (see notes below). My main concern is that we
shouldn't pretend there's some method of verifying that arbitrary source
code is "safe" to pass to an unsandboxed compiler, nor should we push
the responsibility of doing that on users.

But responsibility would be pushed to users, wouldn't it?

Making users responsible for verifying that sources are "safe" is not okay
(we cannot teach them how to do that since there's no general method).

While there is no "general method" for this, there exists a whole Working Group under ISO whose responsibility is to identify and list vulnerabilities in programming languages - Working Group 23.

Its web page is: https://www.open-std.org/jtc1/sc22/wg23/

Kind regards,

--
Toon Moene - e-mail: t...@moene.org - phone: +31 346 214290
Saturnushof 14, 3738 XG  Maartensdijk, The Netherlands
