Re: Specification for Trusted PLs?
Florian Pflug <fgp@phlo.org>
From: Florian Pflug <fgp@phlo.org>
To: Stephen Frost <sfrost@snowman.net>
Cc: David Fetter <david@fetter.org>, Magnus Hagander <magnus@hagander.net>, Josh Berkus <josh@agliodbs.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2010-05-21T18:04:20Z
Lists: pgsql-hackers
On May 21, 2010, at 18:26 , Stephen Frost wrote: > * David Fetter (david@fetter.org) wrote: >> These need to be testable conditions, and new tests need to get added >> any time we find that we've missed something. Making this concept >> fuzzier is exactly the wrong direction to go. > > I'm really not sure that we want to be in the business of writing a ton > of regression tests to see if languages which claim to be trusted really > are.. Well, testing software security via regression tests certainly is sounds intriguing. But unfortunately, it's impossible also AFAICS - it'd amount to testing for the *absence* of features, which seems hard... I suggest the following definition of "trusted PL". "While potentially preventing excruciating pain, saving tons of sweat and allowing code reuse, actually adds nothing in terms of features over pl/pgsql". best regards, Florian Pflug