[racket] PLaneT (Was: are people using untyped/snooze?)

From: Neil Van Dyke (neil at neilvandyke.org)
Date: Thu Aug 18 15:33:33 EDT 2011

Matthias Felleisen wrote at 08/16/2011 05:26 PM:
> We (Jay, Robby, Matthew, Eli, and I) have been thinking along these lines for a few weeks. Robby is slowly putting the infrastructure into place for these things to happen eventually. -- Matthias

If you guys are also doing any work on PLaneT itself, one thing that 
might be good to do at the same time is to make the mechanism that 
handles PLaneT "require"s be pluggable by the user.

Over the years, several times I've mentioned security and stability 
issues involving PLaneT packages.  Now I'm wondering whether, rather 
than trying to get all the security right in core Racket, it would be a 
lot easier to make the mechanism pluggable. If pluggable, then 
organizations and applications could plug in their own policies for what 
packages and versions are permissible, from where are they gotten and 
how, how are they authenticated, any constraints on installing (e.g., 
sandboxing, requiring user to inspect and approve, etc.).  This would 
also make it easier for people other than the PLaneT maintainer to 
experiment with behavior and to upload their modified behavior as PLaneT 
packages for others to try.


Posted on the users mailing list.