Re: Progress on MediaWiki Integration with Lua 5.1

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Progress on MediaWiki Integration with Lua 5.1
From: Brad Jorsch <bjorsch@...>
Date: Tue, 19 Feb 2013 08:44:23 -0500

On Mon, Feb 18, 2013 at 10:45 PM, Duncan Cross <duncan.cross@gmail.com> wrote:

On Sun, Feb 17, 2013 at 12:09 PM, marbux <marbux@gmail.com> wrote:
> Was just looking at the MediaWiki developers progress on integration
> of Lua 5.1. They've generated a fair bit of documentation on their
> progress, changes they made in Lua, etc.

Very interesting. I notice that coroutine functions are not available,
because "No application is known for us, so it has not been reviewed
for security." This seems like a great shame to me, coroutines can be
very useful for iterators and all sorts of things, I consider them one
of the best things about Lua. I admit I have no idea about potential
security concerns though - are there are commonly known ones with
regard to coroutines?

Part of security in our case is performance and resource usage; we'd need to make sure someone can't somehow abuse coroutines to bypass the CPU or memory limits in our sandbox.

If you have a compelling use case for coroutines in the context of MediaWiki and Scribunto, let us know.

--
Brad Jorsch
Software Engineer
Wikimedia Foundation

Follow-Ups:
- Re: Progress on MediaWiki Integration with Lua 5.1, marbux
- Re: Progress on MediaWiki Integration with Lua 5.1, Patrick Donnelly

References:
- Progress on MediaWiki Integration with Lua 5.1, marbux
- Re: Progress on MediaWiki Integration with Lua 5.1, Duncan Cross

Prev by Date: Re: Progress on MediaWiki Integration with Lua 5.1
Next by Date: Re: local "module" pattern without module [was Re: [ANN] SLAXML - pure Lua, robust-ish, SAX-like streaming XML processor]
Previous by thread: Re: Progress on MediaWiki Integration with Lua 5.1
Next by thread: Re: Progress on MediaWiki Integration with Lua 5.1
Index(es):
- Date
- Thread