lua-l archive



On Mon, Dec 23, 2013 at 6:49 PM, Robert Virding
<robert.virding@erlang-solutions.com> wrote:
> Being allowed to enter straight Lua, even if it looks good and is run in a sandbox, would give the non-Lua user way too many ways of getting into trouble.

This may not be the thread, or even the mailing list, for a prolonged
discussion on this topic, although I think it may be.

The way that I can understand this perspective is to imagine a piece
of software that has been extended by the developer, but did not have
those extensions fully integrated into the software. [1] As a result,
important configuration options are relegated to a configuration file
and now it is not reasonable to expect that the average user will be
able to avoid technical support on their way to success.

This is a product management problem: The wrong context is forced on
the wrong persona. What would normally be fine in configuration must
now be sanitized, because the configuration files are now also a
stand-in for a proper user interface.

Perhaps others have better examples of where this may apply?

Documentation, testing, aka "quality", are important everywhere.
Assuming that nothing is being cheated, then I can't see any
additional reasons to limit what someone could do in configuration,
excepting applications where security plays an outsized role.

Also, covering for deficiencies in quality is a legitimate strategy. I
just don't think it's a very good one for anything beyond what it
takes to push a Z release.

-Andrew

[1] This has been true of our software, at times.