On Thu, Jun 09, 2011 at 07:49:06AM +0900, Yukihiro Matsumoto wrote:
> Hi,
>
> In message "Re: [ruby-core:36863] Object#trust vs Object#taint"
>     on Thu, 9 Jun 2011 06:37:13 +0900, Aaron Patterson <aaron@tenderlovemaking.com> writes:
>
> |What is the difference between tainting and untrusting an object?
>
> Tainting is a mark for data from the outside world.  Data from outside
> cannot be trusted.  Untrusting is a mark for data from untrusted code
> (that runs under $SAFE level 4).
>
> |When should library authors taint vs untrust objects?
> |When should application authors taint or untrust objects?
>
> Basically you don't have to taint or untrust objects explicitly.  Ruby
> should mark those flags automatically.  The authors can clear those
> flags, but I recommend strict validation before clearing flags.

nahi sent me an email where Shugo talks about the rules:

  http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-dev/38821?38666-39070+split-mode-vertical

I will try to translate.  :-)

-- 
Aaron Patterson
http://tenderlovemaking.com/
