What does "safe" mean, in this context? In any way, I don't think you can determine that in general. Go allows race conditions and in general they might be abused to do arbitrary unsafe operations, AIUI. If you want safe execution of Go code, use nacl.
On Mon, Feb 12, 2018 at 8:43 PM, dc0d <kaveh.shahbaz...@gmail.com> wrote: > Is there a way to identify a package as safe? > > Let's restrict the imported packages to built-in ones. Now assuming a > package only imports "strings" and "net/url" can it considered as safe? > Since it does not (can not) modify the environment (most notably executing > code)? > > Of course the package still can behave in a malicious manner by (for > example) creating too many goroutines. > > This came to mind when I was reading about package managers and learnt > some problems that they have. > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
