[plt-scheme] Does the autoloading of snip-classes support a PLaneT source?

From: Sam TH (samth at ccs.neu.edu)
Date: Fri May 30 22:00:48 EDT 2008

Previous message: [plt-scheme] Does the autoloading of snip-classes support a PLaneT source?
Next message: [plt-scheme] What is needed to use gensym?
Messages sorted by: [date] [thread] [subject] [author]

On Fri, May 30, 2008 at 9:02 PM, Danny Yoo <dyoo at cs.wpi.edu> wrote:
>>> I see that if the snip-class name is of the form "(lib ...)" that the
>>> snipclass can be dynamic-required.  Can the the same support be available
>>> for PLaneT-derived snips?
>>>
>>> I'm looking at mred/private/snipfile.ss, and I see that the definition
>>> for "ok-lib-path?" only allows snip-classes to be auto-loaded from
>>> collections.  If that definition could be expanded to also allow PLaneT
>>> packages (maybe by just using module-path?), that would be nice.
>>
>> We haven't allowed this, so far, because it would mean that merely opening
>> a file in DrScheme would be enough to have code downloaded and installed on
>> your machine.
>
>
>
> That may be a good thing from a usability point of view, and probably a
> security nightmare from the administrator's.  :)
>
> But I wanted to come back to this point.  What's in place now doesn't seem
> like much protection; concretely, if I do a Check-syntax on a file written
> by someone else, this too can potentially trigger the download and
> installation of a PLaneT package, even though I haven't Run the program.

This is true even without snips - this program downloads from planet
when you hit check syntax:

#lang scheme
(require (for-syntax (planet "file.ss" ("me" "package.plt"))))

-- 
sam th
samth at ccs.neu.edu

Posted on the users mailing list.

Previous message: [plt-scheme] Does the autoloading of snip-classes support a PLaneT source?
Next message: [plt-scheme] What is needed to use gensym?
Messages sorted by: [date] [thread] [subject] [author]