On Tue, Oct 6, 2009 at 3:52 AM, Yugui <yugui / yugui.jp> wrote:

> Why do you think the feature is not useful?
>

To really build a secure system around something like $SAFE/taint, you must
be extremely vigilant with handling the flow of tainted objects through the
system.  One little mistake anywhere and it doesn't offer you any security
at all.


> It might not be useful for you but some ruby programs developed on
> early era often use it.
>

That's fine, but 99.9% of Ruby programs out there don't use it and it
impacts performance, so isn't making it an on-by-default configurable option
a good idea?


> And Ruby 1.9 has even trust/untrusted model in addition to
> taint/untainted for more secure/usable security checking.
>

The need for something like trust/untrusted shows is that $SAFE/taint are no
where good enough.

-- 
Tony Arcieri
Medioh/Nagravision