develooper Front page | perl.perl5.porters | Postings from February 2017

Re: Should we consider locked hashes a failed experiment?

Thread Previous | Thread Next
Steffen Mueller
February 2, 2017 16:53
Re: Should we consider locked hashes a failed experiment?
Message ID:
On 02/02/2017 11:31 AM, Vincent Pit (VPIT) wrote:
> Le 02/02/2017 à 02:18, demerphq a écrit :
>> Not really.  At work we use this build widely. We are a version behind
>> but the pumpking and several core committers use it regularly.
> Yes really. It's not because you're using it at work that it's
> officially supported by the porters.
> And of the several committers that are using it, well, it's pretty clear
> where most are working at right now, isn't it? :)

No need to be afraid of naming it. It may well be that is 
the only user of a perl that has taint support compiled out.

BUT without any doubt, we'd expend the effort to fix any issues that 
would come out of this. We have perfectly strongly vested interest in that.

We also currently use a very, very sizeable fraction of CPAN (likely too 
much for our own good, I have to admit), and we have an 8 digit number 
of lines of code (not including CPAN upstream) written by over a 
thousand developers (ie. there is no clear alignment with that number of 
devs on how exactly to do all things, and thus likely exercising more 
corner cases than we'd like).

options are very likely better tested than the majority of other options 
one might choose to use.

As for documentation, we have this in perl.h:

/* By compiling a perl with -DNO_TAINT_SUPPORT or -DSILENT_NO_TAINT_SUPPORT,
  * you get a perl without taint support, but doubtlessly with a lesser
  * degree of support. Do not do so unless you know exactly what it means
  * technically, have a good reason to do so, and know exactly how the
  * perl will be used. perls with -DSILENT_NO_TAINT_SUPPORT are considered
  * a potential security risk due to flat out ignoring the security-relevant
  * taint flags. This being said, a perl without taint support compiled in
  * has marginal run-time performance benefits.
  * SILENT_NO_TAINT_SUPPORT is the same as NO_TAINT_SUPPORT except it
  * silently ignores -t/-T instead of throwing an exception.
  *         voids your nonexistent warranty!

Which very deliberately overly discourages setting that define to avoid 
traps for the uninitiated. (Last thing we need is some linux distro 
setting that because it seemed a good idea at the time.)

It also pretty much says what it does. What other docs would you expect 
for something like this?


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About