lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Fri, Feb 3, 2012 at 2:44 AM, Tim Starling <tstarling@wikimedia.org> wrote:
> The lack of attention to backwards compatibility is concerning.

>From what I observed over some time, I believe that's something you
might need to take as the way it is with regards to Lua development.
The drawbacks of breaking backwards compatibility are pretty obvious;
it's worthy however to notice positive aspects of this approach, and
the common stance towards "old versions". So, the first point is such,
that the freedom to take more drastic changes allows Lua devs to
easily ditch some failed experiments, unify some existing things and
introduce new ideas for "live testing". And the second important point
is, that it's worthy to sometimes look at each Lua version as a
totally unrelated language, "only accidentally bearing a somewhat
similar name". It is not considered as something "bad" if you stick
with your chosen version of Lua forever in your product (although this
surely also has some drawbacks) [1][2]. You can even consider taking
it sideways, by adding some patches etc.

    [1]: noteworthy, just as I was writing these words, a rc1 for Lua
5.1.4 was published.
    [2]: by the way, I'm curious whether the LuaTeX devs even consider
switching to 5.2, I suppose their 5.1 codebase is pretty large
already.

By the way, please note I'm not officially affiliated or something ;)
so that's just my $0.02 on how I like to see all of this.

> We want to support MediaWiki installations where Lua is executed by
> shelling out to the standard interpreter. This will allow people to
> copy scripts from Wikipedia to a broader range of hosting
> environments. However, this does mean that we need to promote a lowest
> common denominator feature set. If worst comes to worst, we can always
> patch "goto" out of the lexer on Wikipedia until 5.2 is mature and
> readily available for external users.

Now, on a somewhat related note, I'll let myself to point out that you
might want to be careful with regards to sandboxing Lua. (Disclaimer
again: I have never actually tried/needed to do that myself.) At first
sight, that seems trivial, and I've seen pretty bold opinions here on
how to do that "quickly and easily" (specially, the lua-wiki page
about sandboxing is very optimistic). But with safety things can be
tricky, and there are people here who can point you to some
non-obvious dangers, and hopefully to some solutions. My personal
landmarks in this topic are currently:

  * by Peter Cawley, http://article.gmane.org/gmane.comp.lang.lua.general/77422
  * by Mike Pall,
http://article.gmane.org/gmane.comp.lang.lua.general/76283 (and more
in this thread)
  * by Luiz Henrique de Figueiredo,
http://lua-users.org/lists/lua-l/2006-06/msg00133.html

- anybody correct me if I'm wrong and/or if you'd care to help or
point out to some (more) worthy materials in this topic. That said, I
suppose "shelling out" is already quite a good direction, as it
introduces a process boundary, and should make it easier to kill the
sandbox in case. Or something.

cheers
/Mateusz Czapliński.