[racket] Error when they use "programmatic" pkg

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Thu Oct 24 16:10:44 EDT 2013

Matthew reminded me of an old thread on this topic:

  http://lists.racket-lang.org/dev/archive/2013-February/011741.html

Two points worth mentioning here.

Ryan & John: can you use the GUI package manager to install a package
instead of writing a program in the drracket window that does it, at least
for now?

Jay, Sam: there is a slippery notion of exactly what amount of trust I am
willing to give programs that I run in drracket that needs to be sorted out
before we decide what is the right way to go for the larger question of
whether or not to allow pkg installation to happen via running a drracket
program.

In particular, I think it is reasonable for a user to expect that they may
be doing something dangerous when they install a pkg -- they should try to
figure out first if they trust that package before installing it. But maybe
we want to have a lower bar for programs that we run inside DrRacket. I'm
not saying that we are going to try to eliminate the (system "rm -rf /")
programs, but maybe we should be trying to protect DrRacket itself from
such programs. That is, I don't think we can easily describe the invariants
that have to hold to avoid breaking my underlying OS when running a racket
program, but maybe we can more easily describe the invariants that have to
hold to avoid destroying the drracket/racket installation (without
destroying the underlying OS) and maybe we should prohibit drracket
programs from breaking those. And if we did that, then we'd want to say
that package installation is off limits.

(And, of course, the error message should explain all this .... :)

Robby




On Thu, Oct 24, 2013 at 2:16 PM, Robby Findler
<robby at eecs.northwestern.edu>wrote:

> Jay and I have talked offline and apparently this is something that came
> up before and so I'm now back on track trying to understand and fix the
> underlying problem.
>
> Robby
>
>
>
> On Thu, Oct 24, 2013 at 1:47 PM, John Clements <clements at brinckerhoff.org>wrote:
>
>>
>> On Oct 24, 2013, at 7:28 AM, Robby Findler wrote:
>>
>> > This doesn't sound great. Can you explain more what you mean here about
>> programs not being able to run in DrRacket, please?
>>
>> +1 ... I was hoping to be able to tell Windows users to run programs like
>> this, as opposed to using Command Prompt.exe, which is like pulling teeth
>> ("oh ... maybe you installed DrRacket in the c:\Program Files (x86)\
>> folder....").
>>
>> John
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20131024/fad8d703/attachment.html>

Posted on the users mailing list.