Could D be used by Jonathan Blow rather jai language?
feepingcreature at gmail.com
Thu Nov 19 07:39:32 UTC 2020
On Thursday, 19 November 2020 at 01:02:17 UTC, H. S. Teoh wrote:
> Build-specific logic is no longer restricted to the build
> scripts, now *any* random piece of code *anywhere* in any
> source file can contain build logic. Or arbitrary network code
> that performs arbitrary network operations while the code is
> compiling. Y'know, like while the code is compiling it starts
> editing a database on some remote server somewhere and
> publishes stuff to Facebook.
> And let's not mention build reproducibility, which goes right
> out the window. Good luck debugging your code, that modifies
> arbitrary remote resources during compilation. [...]
> It's an undebuggable, free-for-all, wild-wild-west nightmare
> for maintenance.
Right, but if you're pulling in remote software with a package
manager you *already* trust that that software is sane. Sure,
with a Turing-complete build system those packages may be able to
do arbitrary things on your systems - but if you don't check
their code, they may be able to do arbitrary things on your
*customers'* systems *anyway*, which is arguably worse. You
already embrace this risk when you use packages.
I think stuff like reproducibility is better solved as
convention. For instance, require that your package hoster get a
clean test build for every published package, and limit network
access during the test build.
More information about the Digitalmars-d