Could D be used by Jonathan Blow rather jai language?

FeepingCreature feepingcreature at
Thu Nov 19 07:39:32 UTC 2020

On Thursday, 19 November 2020 at 01:02:17 UTC, H. S. Teoh wrote:
> Build-specific logic is no longer restricted to the build 
> scripts, now *any* random piece of code *anywhere* in any 
> source file can contain build logic.  Or arbitrary network code 
> that performs arbitrary network operations while the code is 
> compiling.  Y'know, like while the code is compiling it starts 
> editing a database on some remote server somewhere and 
> publishes stuff to Facebook.
> And let's not mention build reproducibility, which goes right 
> out the window.  Good luck debugging your code, that modifies 
> arbitrary remote resources during compilation. [...]
> It's an undebuggable, free-for-all, wild-wild-west nightmare 
> for maintenance.
> T

Right, but if you're pulling in remote software with a package 
manager you *already* trust that that software is sane. Sure, 
with a Turing-complete build system those packages may be able to 
do arbitrary things on your systems - but if you don't check 
their code, they may be able to do arbitrary things on your 
*customers'* systems *anyway*, which is arguably worse. You 
already embrace this risk when you use packages.

I think stuff like reproducibility is better solved as 
convention. For instance, require that your package hoster get a 
clean test build for every published package, and limit network 
access during the test build.

More information about the Digitalmars-d mailing list