Andrei's list of barriers to D adoption

Jonathan M Davis via Digitalmars-d digitalmars-d at puremagic.com
Tue Jun 7 13:41:21 PDT 2016


On Tuesday, June 07, 2016 06:47:39 H. S. Teoh via Digitalmars-d wrote:
> I can't seem to find an issue I filed some years ago about @safe needing
> to be whitelist-based rather than blacklist-based. Did it get closed
> while I wasn't looking?

Walter closed it a day or two ago on the grounds that it wasn't a specific
issue but more of a discussion topic:

https://issues.dlang.org/show_bug.cgi?id=12941

In principle, I think that you're very right that @safe needs to be
implemented as a whitelist. Security in general does not work as a
blacklist, and I think that @safe has the same problem. The problem is code
breakage. Even assuming that the change in implementation were
straightforward (and I have no idea whether it is or not), it would be
pretty much guaranteed that we would break a lot of code marked @safe if we
were to switch to a whitelist. Some of that code is not truly @safe and
really should be fixed, but just throwing the switch like that is too
sudden. We'd probably be forced to have both a whitelist and a blacklist and
treat the whitelist results as warnings temporarily before switching fully
to the whitelist implementation. And that's likely feasible, but it seems
like it would be a bit of a mess. So, I don't know if we reasonably can
switch to a whitelist or not. But I think that it's clear that we ideally
would.

- Jonathan M Davis


