[racket] PLaneT (Was: are people using untyped/snooze?)

From: Eli Barzilay (eli at barzilay.org)
Date: Thu Aug 18 17:40:46 EDT 2011

Two hours ago, Neil Van Dyke wrote:
> 
> If you guys are also doing any work on PLaneT itself, one thing that 
> might be good to do at the same time is to make the mechanism that 
> handles PLaneT "require"s be pluggable by the user.
> 
> Over the years, several times I've mentioned security and stability 
> issues involving PLaneT packages.  Now I'm wondering whether, rather 
> than trying to get all the security right in core Racket, it would be a 
> lot easier to make the mechanism pluggable. If pluggable, then 
> organizations and applications could plug in their own policies for what 
> packages and versions are permissible, from where are they gotten and 
> how, how are they authenticated, any constraints on installing (e.g., 
> sandboxing, requiring user to inspect and approve, etc.).  This would 
> also make it easier for people other than the PLaneT maintainer to 
> experiment with behavior and to upload their modified behavior as PLaneT 
> packages for others to try.

Any suggestions on how to do that?  (I'm asking about how it would
look for users, not how to implement it.)

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!


Posted on the users mailing list.