Hi,

In message "Re: [ruby-core:36872] Re: Object#trust vs Object#taint"
    on Thu, 9 Jun 2011 09:26:59 +0900, Aaron Patterson <aaron / tenderlovemaking.com> writes:

|> Tainting is a mark for data from outside world.  Data from outside
|> cannot be trusted.  Untrusting is a mark for data from untrusted code
|> (that run under $SAFE level 4).
|
|So who decides to trust / untrust an object?

The core at object creation.  If the object was created from outside
source or based on tainted tainted objects, the core library marks
tainting.

If the object was created during $SAFE level 4 (untrusted code)
execution, the object is marked.

|When does Ruby set the untrust flag?  I can't seem to find any
|documentation on when that will happen.

Ruby itself would not.  The user do to avoid SecurityError.

							matz.