Issue #14250 has been updated by mame (Yusuke Endoh).

File gems-using-safe.txt added

FYI: by using [gem-codesearch](https://github.com/akr/gem-codesearch), I have briefly searched the gems using $SAFE:

```
$ csearch -f '.*\.rb' '^\s*[^\s#].*\$SAFE *=' | wc -l
147
```

Much less than I thought...  The full list is attached.

----------------------------------------
Feature #14250: Make `$SAFE` process global state and allow to set 0 again
https://bugs.ruby-lang.org/issues/14250#change-69069

* Author: ko1 (Koichi Sasada)
* Status: Open
* Priority: Normal
* Assignee: ko1 (Koichi Sasada)
* Target version: 2.6
----------------------------------------
`$SAFE > 1` is removed from Ruby 2.3 and there are some opinion to remove `$SAFE` feature ([Feature #5455]).
There are several reason, but the biggest reason I think is nobody use `$SAFE` correctly.

Also current `$SAFE` is thread/proc local information and it hurts performance (we need to restore `$SAFE` information just after returning proc, even if returning by exception).

Matz said `$SAFE == 1` is similar to warning and it is not a security feature, but one of the programming tool we can use to improve our program (`$SAFE == 3` was for sandbox, security feature).

From this perspective, Matz approved us the followings:

* `$SAFE` is process global, not a Proc local state.
* We can set `$SAFE == 0` when `$SAFE == 1`.

I think we can't make big project with the above changes (how to make multi-thread programming with this `$SAFE`?), but `$SAFE` seems for small project (so-called *scripting*). Anyway if nobody use it, no problem on these changes.

I will commit this change soon.
Please try new spec and point out any problem you got.

Thanks,
Koichi


---Files--------------------------------
gems-using-safe.txt (15.1 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>