[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: [ANN] pure Lua engram implementation
- From: Alexander Gladysh <agladysh@...>
- Date: Mon, 3 Jan 2011 16:57:13 +0300
On Mon, Jan 3, 2011 at 16:32, Richard Hundt <richardhundt@gmail.com> wrote:
> On 01/03/2011 02:05 PM, Alexander Gladysh wrote:
>>> https://github.com/richardhundt/lua-engram
>> You should warn your library users that it is not safe to load such
>> data if it comes from untrusted source. Also it is not compatible with
>> LuaJIT.
> Why, it's completely out of scope. Calling engram() returns a function. If
> the user chooses to dump that function via string.dump(), or load a dumped
> function from another source, surely the security issues are their concern
> and not this library's? It's orthogonal.
> Again, you don't get a string, you get a function. What you do with that is
> your concern.
Ah, right, sorry.
However, Engram is still not compatible with LJ2. (Not sure if it is
worth mentioning in the docs though)
Alexander.