[racket] Error when they use "programmatic" pkg

From: Laurent (laurent.orseau at gmail.com)
Date: Thu Oct 24 16:35:32 EDT 2013

Independently of how difficult it is to do this, another possibility is to
ask for permission as the program is run.
But then you may have the problem that some users (read: students) may
actually not know that they don't know what they are doing.
There could also be a checkbox somewhere to allow for unsandboxed execution
inside DrRacket.

Laurent


On Thu, Oct 24, 2013 at 10:10 PM, Robby Findler <robby at eecs.northwestern.edu
> wrote:

> Matthew reminded me of an old thread on this topic:
>
>   http://lists.racket-lang.org/dev/archive/2013-February/011741.html
>
> Two points worth mentioning here.
>
> Ryan & John: can you use the GUI package manager to install a package
> instead of writing a program in the drracket window that does it, at least
> for now?
>
> Jay, Sam: there is a slippery notion of exactly what amount of trust I am
> willing to give programs that I run in drracket that needs to be sorted out
> before we decide what is the right way to go for the larger question of
> whether or not to allow pkg installation to happen via running a drracket
> program.
>
> In particular, I think it is reasonable for a user to expect that they may
> be doing something dangerous when they install a pkg -- they should try to
> figure out first if they trust that package before installing it. But maybe
> we want to have a lower bar for programs that we run inside DrRacket. I'm
> not saying that we are going to try to eliminate the (system "rm -rf /")
> programs, but maybe we should be trying to protect DrRacket itself from
> such programs. That is, I don't think we can easily describe the invariants
> that have to hold to avoid breaking my underlying OS when running a racket
> program, but maybe we can more easily describe the invariants that have to
> hold to avoid destroying the drracket/racket installation (without
> destroying the underlying OS) and maybe we should prohibit drracket
> programs from breaking those. And if we did that, then we'd want to say
> that package installation is off limits.
>
> (And, of course, the error message should explain all this .... :)
>
> Robby
>
>
>
>
> On Thu, Oct 24, 2013 at 2:16 PM, Robby Findler <
> robby at eecs.northwestern.edu> wrote:
>
>> Jay and I have talked offline and apparently this is something that came
>> up before and so I'm now back on track trying to understand and fix the
>> underlying problem.
>>
>> Robby
>>
>>
>>
>> On Thu, Oct 24, 2013 at 1:47 PM, John Clements <clements at brinckerhoff.org
>> > wrote:
>>
>>>
>>> On Oct 24, 2013, at 7:28 AM, Robby Findler wrote:
>>>
>>> > This doesn't sound great. Can you explain more what you mean here
>>> about programs not being able to run in DrRacket, please?
>>>
>>> +1 ... I was hoping to be able to tell Windows users to run programs
>>> like this, as opposed to using Command Prompt.exe, which is like pulling
>>> teeth ("oh ... maybe you installed DrRacket in the c:\Program Files (x86)\
>>> folder....").
>>>
>>> John
>>>
>>>
>>
>
> ____________________
>   Racket Users list:
>   http://lists.racket-lang.org/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20131024/41c2808d/attachment.html>

Posted on the users mailing list.