Hi,

In message "Re: [ruby-core:44075] [ruby-trunk - Feature #5455] $SAFE should be removed"
    on Tue, 3 Apr 2012 02:07:15 +0900, "headius (Charles Nutter)" <headius / headius.com> writes:

|A deprecation warning would be good in any case.
|
|Is it the position of ruby-core/MRI/Matz that $SAFE should be used for security purposes? There are a number of Rubyists (not to mention content in some Ruby books) that claim this.

I have never claimed $SAFE is safe enough for strong security in any
way.  It's for advisory, as other languages do.

|However, the equivalent feature from other languages (Perl, primarily) is *not* intended to be used to provide a secure environment. The warnings from safe mode in those languages are intended to be advisory, used before deployment, and it is discouraged to use safe mode in production. Enforcing $SAFE as a security mechanism also requires all code everywhere to properly handle tainting and untrust...including C extensions. $SAFE/taint/untrust is just a bad way to do security.
|
|I suggest that $SAFE should *at least* be deprecated in 2.0. I'm guessing that the window has closed on coming up with a "better" security replacement, but people should know that $SAFE does not provide the security guarantees they think it does.

I consider this advisory useful.  Why do you want to remove?

							matz.