Hi all,

This is a summary of ruby-dev ML in these days.

[ruby-dev:23762] Ruby 1.8.2 to be released

  Kouhei Sutou requested to import his RSS Parser library into 1.8 branch,
  and Matz agreed with him.

[ruby-dev:23784] URI()

  TANAKA Akira proposed a new global method URI(), to construct an URI
  object.  With this method, you can write HTTP GET program as below:

    print URI("http://www.example.com/").read

  This program is better than `open("http://....").read' because it
  properly closes IO objects.

  Here are some opinions:  (+ : approval, - : objection)

    + There are similar methods such as Integer(), String(), etc.
    + URI is a name, literal-like syntax seems good.
    - URI.[] is better because URI() pollutes the global name space.
    - String(obj) calls obj.to_s.  Integer(obj) calls obj.to_i.
      But URI(obj) does not call obj.to_uri.
      (Note that Complex(obj) does not call obj.to_complex, too.)
    - A method name which begins with a capital looks bad.

  This issue is still open.

[ruby-dev:23814] $SAFE in Proc
[ruby-dev:23815] set_trace_func in safe mode

  Nobuyoshi Nakada posted two security considerations.

  1. $SAFE=4 program can safely call a Proc object which is created
     by $SAFE=0, and it runs in $SAFE=0.  It causes `$SAFE downgrading'.

     -> Matz said that it is not a problem because Proc objects which
        are created in $SAFE=0 environment should be trustable.
        In other words, you should not load untrustable code in $SAFE<4.

  2. set_trace_func should be prohibited in $SAFE>0.

     -> Matz stated that $SAFE>3 check is enough,
        because we are trusting $SAFE<=3 codes.


-- Minero Aoki

ruby-dev summary index:
http://i.loveruby.net/en/ruby-dev-summary.html