perl.perl5.porters | Postings from July 2008

Re: Creative and *routine* use of so-called "magic" ARGV (was[perl #2783] Security of ARGV using 2-argument open)

From: Aristotle Pagaltzis
Date: July 29, 2008 11:59
Subject: Re: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open)
Message ID: 20080729185946.GI9326@klangraum.plasmasturm.org

Hi Tom,

* Tom Christiansen <tchrist@perl.com> [2008-07-29 05:40]:
> The thought of updating triple-digit numbers of my happily
> running scripts that certain individuals would just as well see
> broken is really beyond the conscionable--or its promulgators,
> conscientiousness.

do these scripts enable warnings?


* Abigail <abigail@abigail.be> [2008-07-28 21:30]:
>  - Programs that wouldn't use while (<>) pre-5.12 (because they
>    might run in an environment where file names may start with
>    '|' or '>') will use 3-arg "safe" while (<>), will be,
>    silently, a security issue when run with a pre-5.12.
> 
> If you make "while (<<>>)" to be 3-arg open, then at least such
> programs will fail to compile when run with a pre-5.12 perl.

Exactly. I want to highlight this again: in my opinion, having
code that is safe under 5.12 (or 5.10.1 or whenever) not silently
become unsafe under 5.10.0 or earlier is an incontrovertible
argument for introducing a new safe diamond-like operator as
incompatible syntax.

We can discourage the unconsidered use of magic ARGV with a
warning. This would be the exact same strategy that C compilers
followed WRT `gets`, which it seems to me worked well for C. It
also seems to me that the people who are certain enough that they
want this feature are also people who won’t shy away from muting
a warning.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
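The safety property argued for above (reading the files named in @ARGV without 2-argument open ever interpreting a name as a pipe or redirection) can be had on any perl today with an explicit 3-argument open loop. The script below is an added example written for this page, not code from the thread or from perl itself; the function names `looks_special_to_2arg_open` and `each_line_safely` are invented here. Perl 5.22 and later also provide the `<<>>` operator Abigail mentions, which performs the same 3-argument open natively; the loop below is the portable equivalent, and the check function shows which argument shapes would have been mis-handled by plain `<>` on an older perl.

```perl
#!/usr/bin/perl
# Added example (not from the thread): a "while (<>)" replacement that
# never falls into the special cases of 2-argument open.
use strict;
use warnings;

# Returns true for names that 2-arg open (and therefore magic ARGV) would
# not treat as a plain file: a leading mode character or pipe, a trailing
# pipe, or surrounding whitespace that 2-arg open strips. A lone "-" means
# STDIN under both forms, so it is not flagged.
sub looks_special_to_2arg_open {
    my ($name) = @_;
    return 0 if $name eq '-';
    return 1 if $name =~ /^\s*[<>+|]/;   # "<f", ">f", "+<f", "|cmd"
    return 1 if $name =~ /\|\s*$/;       # "cmd |" would run a command
    return 1 if $name =~ /^\s|\s$/;      # whitespace would be trimmed
    return 0;
}

# Reads every line of every argument through 3-arg open, so a name such
# as ">notes.txt" or "|cmd" is only ever a literal path. With no
# arguments it reads STDIN, mirroring the diamond operator.
# Invokes $callback->($line, $name, $line_no) for each line.
sub each_line_safely {
    my ($args, $callback) = @_;
    my @names = @$args ? @$args : ('-');
    for my $name (@names) {
        my $fh;
        if ($name eq '-') {
            $fh = \*STDIN;
        }
        elsif (!open $fh, '<', $name) {
            warn "Can't open '$name': $!\n";
            next;
        }
        while (my $line = <$fh>) {
            $callback->($line, $name, $.);
        }
        close $fh unless $name eq '-';
    }
}

# Constructed sample names and the verdict the check gives on each.
for my $n ('notes.txt', '-', '>notes.txt', '|cmd', ' padded ') {
    printf "%-14s %s\n", "'$n'",
        looks_special_to_2arg_open($n) ? 'special to 2-arg open' : 'plain file';
}

# Usage: the same effect as "print while <>", with no magic.
each_line_safely(\@ARGV, sub { my ($line, $name) = @_; print "$name: $line" });
```

The check is meant as a pre-flight guard for scripts that must still run on an older perl: refusing or warning on a flagged name before the script reaches its `<>` loop turns the silent behaviour the thread worries about into a visible failure.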
