lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Mon, Aug 23, 2010 at 8:41 AM, Jim Whitehead II <jnwhiteh@gmail.com> wrote:
> I actually think this makes a lot of sense. Providing and dealing with
> binary chunks is not something that should live outside the debug library,
> particularly given the change in attitude towards the debug library. It is a
> very open vector for attack and not incredibly obvious it exists in a stock
> distribution.

I agree. So there's two related shifts in attitude in 5.2:
(i) Loading bytecode should be considered an "advanced" feature, and
carefully disabled if there is any possibility of an untrusted source.
(ii) The debug library is no longer intended solely for debugging, but
for "advanced" features acceptable for use in normal Lua code.

To me it makes sense that these changes should be reflected by a
noticeable change in the API. I've mentioned before that I'd like to
see "debug" renamed [1] in order to reflect the second one.

[1] http://lua-users.org/lists/lua-l/2010-05/msg00351.html

-Duncan