lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Mon, Jan 3, 2011 at 16:32, Richard Hundt <richardhundt@gmail.com> wrote:
> On 01/03/2011 02:05 PM, Alexander Gladysh wrote:

>>> https://github.com/richardhundt/lua-engram

>> You should warn your library users that it is not safe to load such
>> data if it comes from untrusted source. Also it is not compatible with
>> LuaJIT.

> Why, it's completely out of scope. Calling engram() returns a function. If
> the user chooses to dump that function via string.dump(), or load a dumped
> function from another source, surely the security issues are their concern
> and not this library's? It's orthogonal.

> Again, you don't get a string, you get a function. What you do with that is
> your concern.

Ah, right, sorry.

However, Engram is still not compatible with LJ2. (Not sure if it is
worth mentioning in the docs though)

Alexander.