[racket-dev] [plt] Push #27862: master branch updated

From: Matthias Felleisen (matthias at ccs.neu.edu)
Date: Thu Nov 28 09:44:48 EST 2013

Am I naive or isn't any download of any package opening the door to such tricks? 

On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:

> On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler
> <robby at eecs.northwestern.edu> wrote:
>> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy <jay at racket-lang.org> wrote:
>>> If I have background expansion on, then when I open that file it
>>> installs the package.
>> As I wrote in my previous message, it doesn't do that for me. And I don't
>> see how it could do that, actually. Are you saying that you tried this?
> Yes. I put that in a file and opened it up with DrRacket then got the
> "Can't download a Planet package" error message as-if the install were
> stopped.
>> Can you explain how you have configured DrRacket to disable the security
>> guard that is installed by the background expansion process, please?
> Perhaps my trial was bad because the security guard would have stopped
> the network access but my error stopped the library from attempting
> the network access?
> Regardless, "Check Syntax" (I think?) or compilation in Racket would
> have installed it. [Now, obviously the same macro tricks could
> explicitly call download/install-pkg... but I think it is a bit feeble
> to say "Check Syntax" should make no attempt to prevent package
> installation.]
>> Meanwhile, I would like to point out that your commit has completely
>> disabled planet. No packages can be installed. Did you run any test suites
>> after making this change?
> I tried to install and fetch some packages. I see now that I committed
> in the "racket/collects" directory but the changes to make that work
> were in the "pkgs/planet-pkgs" directory so I stupidly missed them.
> Jay
>> Robby
> _________________________
>  Racket Developers list:
>  http://lists.racket-lang.org/dev

Posted on the dev mailing list.