Re: Specification for Trusted PLs?
| От | Florian Pflug |
|---|---|
| Тема | Re: Specification for Trusted PLs? |
| Дата | |
| Msg-id | 7E7EA792-8035-4C68-AB41-EC4658AFEAB6@phlo.org обсуждение исходный текст |
| Ответ на | Re: Specification for Trusted PLs? (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-hackers |
On May 21, 2010, at 18:26 , Stephen Frost wrote: > * David Fetter (david@fetter.org) wrote: >> These need to be testable conditions, and new tests need to get added >> any time we find that we've missed something. Making this concept >> fuzzier is exactly the wrong direction to go. > > I'm really not sure that we want to be in the business of writing a ton > of regression tests to see if languages which claim to be trusted really > are.. Well, testing software security via regression tests certainly is sounds intriguing. But unfortunately, it's impossible alsoAFAICS - it'd amount to testing for the *absence* of features, which seems hard... I suggest the following definition of "trusted PL". "While potentially preventing excruciating pain, saving tons of sweat and allowing code reuse, actually adds nothing in termsof features over pl/pgsql". best regards, Florian Pflug
В списке pgsql-hackers по дате отправления: