
Re: Creative and *routine* use of so-called "magic" ARGV (was [perl#2783] Security of ARGV using 2-argument open)

From: Roland Giersig
Date: July 30, 2008 08:02
Subject: Re: Creative and *routine* use of so-called "magic" ARGV (was [perl#2783] Security of ARGV using 2-argument open)
Message ID: 48908252.3010106@cpan.org

Abigail wrote:
> Eh, the argument Aristotle and I used, and Rafael agrees with isn't that
> programs will break with newer versions of Perl, it's that programs
> written to be safe in 5.12 (or whenever <> defaults to 3-arg), become
> unsafe when run with an older perl. But if you leave <> as is, and use
> <<>> for 3-arg open, a program using safe opens won't run on a perl that
> doesn't have the feature.
>
> Surely you must agree that a program is safer if it refuses to run on a
> perl that doesn't use 3-arg open than a program that silently uses 2-arg
> open?

This can also be accomplished with "use v5.12", no?

Do we assume that somebody who knows or learns about the 3-arg-diamond 
also knows about the security-implications? I would say 'yes', so this 
programmer will probably care enough to insert a 'use v5.12' to prevent 
running on older perls.

A programmer who in your case uses the 3-arg-open '<<>>' already gives 
up backward-compatibility, preventing usage of the script in an unsafe 
environment.

Which he also could do in my case by using the '<>' changed to 
3-arg-open and adding 'use v5.12'.

Roland
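
An added example, not part of the message above and not code from perl itself: the thread turns on which open semantics `<>` applies to the names in @ARGV, and this sketch reads @ARGV with an explicit 3-argument open, so a name is only ever treated as a file name regardless of the perl version. The helper name each_input_line and the sample arguments are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Read every file named in @names the way `while (<>)` does, but open each
# name with 3-argument open so it is never parsed for mode characters.
# each_input_line() is a hypothetical helper name, not a core function.
sub each_input_line {
    my ($callback, @names) = @_;
    @names = ('-') unless @names;           # no arguments: read STDIN, like <>
    for my $name (@names) {
        my $fh;
        if ($name eq '-') {
            $fh = \*STDIN;                  # keep the one conventional special case
        }
        elsif (!open($fh, '<', $name)) {    # explicit read mode, literal file name
            warn "Can't open $name: $!\n";  # same recovery as <>: warn and go on
            next;
        }
        while (my $line = <$fh>) {
            $callback->($line, $name);
        }
        close($fh) unless $name eq '-';
    }
    return;
}

# Constructed sample input: one real file, plus a name that 2-argument open
# would interpret as a command to run rather than as a file to read.
my ($out, $tmp) = tempfile(UNLINK => 1);
print {$out} "line one\nline two\n";
close($out);

each_input_line(sub { print "$_[1]: $_[0]" }, $tmp, 'echo not-a-file |');
```

The second argument produces only a "Can't open" warning here, because with an explicit mode the trailing `|` is part of the file name.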
