[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Using Lua for config files
- From: Andrew Starks <andrew.starks@...>
- Date: Fri, 27 Dec 2013 07:12:46 -0600
On Mon, Dec 23, 2013 at 6:49 PM, Robert Virding
<robert.virding@erlang-solutions.com> wrote:
> Being allowed to enter straight Lua, even if it looks good and is run in a sandbox, would give the non-Lua user way too many ways of getting into trouble.
This may not be the thread, or even the mailing list, for a prolonged
discussion on this topic, although I think it may be.
The way that I can understand this perspective is to imagine a piece
of software that has been extended by the developer, but did not have
those extensions fully integrated into the software. [1] As a result,
important configuration options are relegated to a configuration file
and now it is not reasonable to expect that the average user will be
able to avoid technical support on their way to success.
This is a product management problem: The wrong context is forced on
the wrong persona. What would normally be fine in configuration must
now be sanitized, because the configuration files are now also a stand
in for a proper user interface.
Perhaps others have better examples of where this may apply?
Documentation, testing, aka "quality", are important everywhere.
Assuming that nothing is being cheated, then I can't see any
additional reasons to limit what someone could do in configuration,
accepting applications where security plays an outsized role.
Also, covering for deficiencies in quality is a legitimate strategy. I
just don't think it's a very good one for anything beyond what it
takes to push a Z release.
-Andrew
[1] This has been true of our software, at times.