Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

> > Ok, now I vote, that you don't implement "any" and use "opaque".
> > I don't think we want two types that do the same thing.
> > Is it that you like the name "any" more than "opaque" ?
>
> No, it's that I want to deprecate "opaque" so that we can catch old
> uses that should not be there anymore.  If you look at your code and
> you decide that "any" is the correct semantics, then fine: change
> "opaque" to "any" and the warnings will go away.  But relatively few
> existing uses of "opaque" really mean "any", and I don't want the
> people who are using "opaque" to mean "cstring", "trigger", etc
> to keep using "opaque" for those other purposes.  The idea here is
> to force a security review.

That is what I have been trying to say, imho "any" should have the same
NOTICE as opaque has, since it is potentially dangerous.
I would suggest a warning NOTICE for opaque and not depricate it.

Imho the NOTICE should *not* go away.

If we want "any" in the future, it should imho always be passed a "safe"
Datum that includes type info. This will allow us to create a type "any"
that does not have the pitfalls of opaque.

Andreas