| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | David Fetter <david(at)fetter(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Specification for Trusted PLs? |
| Date: | 2010-05-21 18:04:20 |
| Message-ID: | 7E7EA792-8035-4C68-AB41-EC4658AFEAB6@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On May 21, 2010, at 18:26 , Stephen Frost wrote:
> * David Fetter (david(at)fetter(dot)org) wrote:
>> These need to be testable conditions, and new tests need to get added
>> any time we find that we've missed something. Making this concept
>> fuzzier is exactly the wrong direction to go.
>
> I'm really not sure that we want to be in the business of writing a ton
> of regression tests to see if languages which claim to be trusted really
> are..
Well, testing software security via regression tests certainly is sounds intriguing. But unfortunately, it's impossible also AFAICS - it'd amount to testing for the *absence* of features, which seems hard...
I suggest the following definition of "trusted PL".
"While potentially preventing excruciating pain, saving tons of sweat and allowing code reuse, actually adds nothing in terms of features over pl/pgsql".
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2010-05-21 18:05:20 | Re: Specification for Trusted PLs? |
| Previous Message | David Fetter | 2010-05-21 17:58:18 | Re: Specification for Trusted PLs? |