On Wed, Jun 8, 2011 at 8:19 PM, Aaron Patterson
<aaron / tenderlovemaking.com> wrote:
> nahi sent me an email where Shugo talks about the rules:
>
> http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-dev/38821?38666-39070+split-mode-vertical
>
> I will try to translate. :-)

I look forward to that translation.

Currently in JRuby (and Rubinius) both taint and untrust are merely
flags. Neither implementation supports SAFE, mostly due to a lack of
documentation for every case throughout the core classes where SAFE
modes should check tainting/untrust. We (JRuby) made a best effort
initially to support SAFE and taint/untrust, but since the SAFE
security model requires a million little checks peppered all over the
codebase, we eventually gave up.

I hope some day to either work with Evan to design a security model
for Ruby similar to Java security policies, or else find a way to map
SAFE levels reasonably well to standard, existing Java security
checks.

- Charlie