[racket] PLaneT (Was: are people using untyped/snooze?)

From: Eli Barzilay (eli at barzilay.org)
Date: Thu Aug 18 17:40:46 EDT 2011

Two hours ago, Neil Van Dyke wrote:
> If you guys are also doing any work on PLaneT itself, one thing that 
> might be good to do at the same time is to make the mechanism that 
> handles PLaneT "require"s be pluggable by the user.
> Over the years, several times I've mentioned security and stability 
> issues involving PLaneT packages.  Now I'm wondering whether, rather 
> than trying to get all the security right in core Racket, it would be a 
> lot easier to make the mechanism pluggable. If pluggable, then 
> organizations and applications could plug in their own policies for what 
> packages and versions are permissible, from where are they gotten and 
> how, how are they authenticated, any constraints on installing (e.g., 
> sandboxing, requiring user to inspect and approve, etc.).  This would 
> also make it easier for people other than the PLaneT maintainer to 
> experiment with behavior and to upload their modified behavior as PLaneT 
> packages for others to try.

Any suggestions on how to do that?  (I'm asking about how it would
look for users, not how to implement it.)

          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

Posted on the users mailing list.