Hi,

2008/8/19 Dave Thomas <dave / pragprog.com>:
> I'm not clear, however, how this can be used in practice. Is it intended to
> be used in code sandboxes?

Yes, it is.

Before the introduction of trust, taintedness denoted two different statuses.

(1) input data from outside a program
(2) objects created by untrusted code (objects created at safe level 3 or 4)

At safe level 4, modifications of tainted objects are allowed, but it's not
indented to allow modifications of (1) input data from outside a program.

For example, the following code allows a modification of $PROGRAM_NAME
unexpectedly.

  lambda {
    $SAFE = 4
    $PROGRAM_NAME.replace("Hello, World!")
  }.call
  puts $PROGRAM_NAME

So we decided to seperate two different meanings of taintedness to avoid
this problem.

In trunk, (2) objects created by untrusted code are tainted and untrusted,
and modificaions of trusted objects are not allowed at safe level 4.

-- 
Shugo Maeda