in reply to Safe Code?

My understanding is that Safe is not very safe. And it is restrictive enough to keep virtually any interesting code from running. Therefore I would not recommend running it.

On the bigger question of open source and security, Open and Closed Systems are Equivalent seems to be a good approximation of reality. While open source software is likely to be of better quality than closed source, it is also easier to analyze for security holes. Those two effects seem to offset each other pretty well, with a wide variance by project.

For more background, Economics and Security has a lot of interesting material on why people wind up accepting insecurity.

Replies are listed 'Best First'.
Re^2: Safe Code?
by BUU (Prior) on May 24, 2005 at 02:33 UTC
    My understanding is that Safe is not very safe. And it is restrictive enough to keep virtually any interesting code from running. Therefore I would not recommend running it.
    Ya know, I've heard a lot of people repeat this, but I have yet to see any actual demonstration of breaking a Safe container. Not that I'm saying it can't be done, merely that I've yet to see people prove their repeated statements of "oh it's not very safe". I'm also not trying to single you out specifically, obviously, you just happened to have repeated it most recently.

    So, does *anyone* have any evidence that the current Safe "isn't very safe"?
[reply]
      So, does *anyone* have any evidence that the current Safe "isn't very safe"?

      Yup. The continual number of exploits and fixes made in the library. Even if there are no currently known exploits the history of the module makes me deeply suspicious that it can be relied upon as the primary mechanism for securing code.

[reply]

In Section Seekers of Perl Wisdom