lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Mon, Jan 3, 2011 at 16:17, KHMan <> wrote:
> On 1/3/2011 9:05 PM, Alexander Gladysh wrote:
>> On Mon, Jan 3, 2011 at 15:40, Richard Hundt wrote:

>>> There was some discussion a while ago about implementing data
>>> serialization
>>> using Lua's bytecode format:


>>> I've gone ahead and implemented it in Lua:


>> You should warn your library users that it is not safe to load such
>> data if it comes from untrusted source. Also it is not compatible with
>> LuaJIT.

> Okay, the following is going to be unpopular with some, but:

It is not popular with me.

> IMHO, sometimes we have to ease off with this kind of "warnings and
> disclaimers" pedantry...

> How many of 'em disclaimers do we need before we've covered everything? We
> should not feel responsible for every little thing an unknown party might do
> -- it's entirely their problem.

Sorry, I do not think that application security is a little thing.