On Jan 8, 2006, at 1:37 AM, Gregory Brown wrote:
> This is a good point.  It's hard to make a general statement about
> security when you are not sure who you are securing against.  I think
> that the key issues are secondary libraries modifying other software
> and making it unreliable (such as namespace collisions, unexpected
> redefinitions, etc),
>

I can understand the namespace issues.  How can I as a programmer
know exactly what is being modified when I add require 'X' to my
program?  This is an area of Ruby that has lots of room
for improvement--in documentation of library/class behavior as well
as in possible new language features.


> and the ability to make a set of software behave
> in erratic ways by modifying its internals via metaprogramming and
> the like.
>

I don't buy this in the sense that I don't see how this could be
a concern for a dynamic language and not for a static language.
You are still writing code that has to be tested.  Whether it is
hard to understand meta-programming or hard to understand data
structures that simulate meta-programming, it is still an issue
of software correctness, and I don't see how static vs. dynamic
changes that issue in any significant way.


Gary Wright
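
An added example, not part of the original message: one way to see what a `require` modifies is to snapshot the methods of every loaded class and module before and after it runs, then compare. `Invoice`, `SIMULATED_REQUIRE` and `VendoredHelper` are constructed stand-ins; in practice the block passed to `audit_changes` would contain the real `require 'X'`.

```ruby
# Map every live class/module to {method_name => source_location}.
# source_location is nil for C-implemented methods, [file, line] otherwise.
def method_snapshot
  snap = {}.compare_by_identity
  ObjectSpace.each_object(Module) do |mod|
    names = mod.instance_methods(false) + mod.private_instance_methods(false)
    snap[mod] = names.to_h { |n| [n, location_of(mod, n)] }
  end
  snap
end

def location_of(mod, name)
  mod.instance_method(name).source_location
rescue NameError
  :unresolved
end

# Run the block (normally a `require`) and report what it changed.
def audit_changes
  before = method_snapshot
  yield
  report = { new_modules: [], added: [], redefined: [] }
  method_snapshot.each do |mod, methods|
    unless before.key?(mod)
      report[:new_modules] << mod if mod.name # skip anonymous/singleton classes
      next
    end
    methods.each do |name, loc|
      if !before[mod].key?(name)
        report[:added] << [mod, name]
      elsif before[mod][name] != loc
        report[:redefined] << [mod, name]
      end
    end
  end
  report
end

# Constructed application class and constructed "library" side effects.
class Invoice
  def total; 100; end
end

SIMULATED_REQUIRE = lambda do
  String.class_eval { def shout; upcase + "!"; end } # extends a core class
  Invoice.class_eval { def total; 0; end }           # silently redefines
  Object.const_set(:VendoredHelper, Module.new)      # new top-level name
end

REPORT = audit_changes(&SIMULATED_REQUIRE)
REPORT.each { |kind, items| puts "#{kind}: #{items.inspect}" }
```

A method redefined at the same file and line as before is not detected, since the comparison relies on `source_location`.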