Hi Chris,

While I understand the general goal you are aiming at, it isn't quite clear to me who you are trying to protect against whom. There's a wide spectrum of people involved, ranging from language designers via library developers and application developers to end users. Who is going to define your capabilities? Who is supposed to be protected by them? And who is the potential villain whose evil doings need to be checked for?

Your example doesn't help much with this, as playing a game of solitaire from the Racket REPL is not a relevant real-life scenario. The typical solitaire player is an end-user who double-clicks an application and wouldn't understand the implications of granting access to a single window. Technical measures for establishing trust work only between technology experts. So perhaps you aim at protecting application developers against abusive libraries? In that case, I'd expect the main challenge to be the design of a sufficiently flexible yet manageable capability system that doesn't add tons of additional complexity to software.

Konrad.