[racket] Error when they use "programmatic" pkg

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Thu Oct 24 16:41:25 EDT 2013

I think we're struggling at the moment with what the predicate we want to
check is, tho. (That is, I feel like we can deal with errors or alerts or
whatever, once we decide what should trigger them.)

Robby


On Thu, Oct 24, 2013 at 3:35 PM, Laurent <laurent.orseau at gmail.com> wrote:

> Independently of how difficult it is to do this, another possibility is to
> ask for permission as the program is run.
> But then you may have the problem that some users (read: students) may
> actually not know that they don't know what they are doing.
> There could also be a checkbox somewhere to allow for unsandboxed
> execution inside DrRacket.
>
> Laurent
>
>
> On Thu, Oct 24, 2013 at 10:10 PM, Robby Findler <
> robby at eecs.northwestern.edu> wrote:
>
>> Matthew reminded me of an old thread on this topic:
>>
>>   http://lists.racket-lang.org/dev/archive/2013-February/011741.html
>>
>> Two points worth mentioning here.
>>
>> Ryan & John: can you use the GUI package manager to install a package
>> instead of writing a program in the drracket window that does it, at least
>> for now?
>>
>> Jay, Sam: there is a slippery notion of exactly what amount of trust I am
>> willing to give programs that I run in drracket that needs to be sorted out
>> before we decide what is the right way to go for the larger question of
>> whether or not to allow pkg installation to happen via running a drracket
>> program.
>>
>> In particular, I think it is reasonable for a user to expect that they
>> may be doing something dangerous when they install a pkg -- they should try
>> to figure out first if they trust that package before installing it. But
>> maybe we want to have a lower bar for programs that we run inside DrRacket.
>> I'm not saying that we are going to try to eliminate the (system "rm -rf
>> /") programs, but maybe we should be trying to protect DrRacket itself from
>> such programs. That is, I don't think we can easily describe the invariants
>> that have to hold to avoid breaking my underlying OS when running a racket
>> program, but maybe we can more easily describe the invariants that have to
>> hold to avoid destroying the drracket/racket installation (without
>> destroying the underlying OS) and maybe we should prohibit drracket
>> programs from breaking those. And if we did that, then we'd want to say
>> that package installation is off limits.
>>
>> (And, of course, the error message should explain all this .... :)
>>
>> Robby
>>
>>
>>
>>
>> On Thu, Oct 24, 2013 at 2:16 PM, Robby Findler <
>> robby at eecs.northwestern.edu> wrote:
>>
>>> Jay and I have talked offline and apparently this is something that came
>>> up before and so I'm now back on track trying to understand and fix the
>>> underlying problem.
>>>
>>> Robby
>>>
>>>
>>>
>>> On Thu, Oct 24, 2013 at 1:47 PM, John Clements <
>>> clements at brinckerhoff.org> wrote:
>>>
>>>>
>>>> On Oct 24, 2013, at 7:28 AM, Robby Findler wrote:
>>>>
>>>> > This doesn't sound great. Can you explain more what you mean here
>>>> > about programs not being able to run in DrRacket, please?
>>>>
>>>> +1 ... I was hoping to be able to tell Windows users to run programs
>>>> like this, as opposed to using Command Prompt.exe, which is like pulling
>>>> teeth ("oh ... maybe you installed DrRacket in the c:\Program Files (x86)\
>>>> folder....").
>>>>
>>>> John
>>>>
>>>>
>>>
>>
>>
>

Posted on the users mailing list.