Re: No-taint support in Perl

From: Vincent Pit
Date: October 21, 2012 08:22
Subject: Re: No-taint support in Perl
Message ID: 5084130E.4060609@profvince.com

>>
>> Perl should not support disabling -t/-T by making it not fatal, and
>> adding that kind of option to Configure is already supporting it. People
>> that want this kind of broken behaviour can hack the core themselves and
>> get shot in the foot all they want.
>
> Hmm, point taken and slightly surprised by the vehemence of your
> response. I respectfully disagree, though.

Sometimes I have definite opinions on things, and sometimes I voice 
them. They may or may not overlap with yours.

> Taint support doesn't feel part of the language. It's a built-in linter,
> not a language feature.  IMO, patching it out in any way is nowhere near
> as questionable as, say, removing support for formats. Formats are used
> much less frequently, yet removing them would change the language in a
> significant way. Anyway, that's just to explain where I'm coming from. I
> think that clearly documenting the nature of the switch (expert only,
> potential security risk if used wrongly, ...) is sufficient due diligence.

I just don't want Perl to support silent code breakage, especially when 
the only motivation is a slight performance improvement.

> Two compromises that would make sense to me:
>
> 1) Only support a configure flag for the variant where -t/-T is fatal.
> Keep the Perl-internal, undocumented (but obviously named) define so
> that whoever wants to use the silent variant doesn't have to maintain
> patches against Perl or if anything, only patches that are limited to
> very simple and localized changes.

What I objected to was it being *non-fatal*, so I'm fine with this
as long as it's not documented and not available through Configure. But
note that this adds maintenance cost to the core for an undocumented
feature, and I thought the trend was to go the other way.

> 2) Support two variants in Configure: fatal and warning (no silent
> variant).

At the time the warning is printed it's already too late, so that's as 
bad as no warning at all. And I guess that those who want the silent 
variant will not be satisfied by seeing that warning every time.

> Both compromises are perfectly fine with me.
>
> Does that make sense?
>
> Best regards,
> Steffen


Vincent.
