I like the idea of setting the default to false. This potentially does break some code, but perhaps it breaks unknowingly insecure code - which is a pretty big bonus. I'd love it if I upgraded to a new release of Clojure and my app toppled down because of my own shortsightedness.
An additional idea is to add an optional second argument to read-string, which does the binding for you.

Regards,
Paul

On Wednesday, January 30, 2013 7:25:46 AM UTC-8, Kyle Burton wrote:
>
> On Wed, Jan 30, 2013 at 10:18 AM, Marek Šrank <markus...@gmail.com> wrote:
>
>> The most simple thing would be to change the default value of *read-eval*
>> to false...
>
> Understanding that this may break existing code (how much?), I think it
> would reflect well on the community to make decisions to improve safety and
> security, especially with respect to defaults like this. Avoiding
> surprises after deployment is a virtue in my opinion.
>
> +1
>
> Regards,
>
> Kyle Burton
>
> --
> Twitter: @kyleburton
> Github: https://github.com/kyleburton
> Blog: http://asymmetrical-view.com/
> Fun: http://snapclean.me/

--
You received this message because you are subscribed to the Google Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your first post.
To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/clojure?hl=en
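The proposal in this message (a read-string arity that does the `*read-eval*` binding for the caller), sketched as an added example that is not part of the original thread or of clojure.core. The names `read-string-with` and `try-read` are hypothetical, and the input strings are constructed.

```clojure
(require '[clojure.edn :as edn])

;; Hypothetical helper, not part of clojure.core: a read-string variant that
;; takes the *read-eval* setting as an explicit second argument and falls
;; back to false when the caller does not pass one.
(defn read-string-with
  ([s] (read-string-with s false))
  ([s read-eval?]
   (binding [*read-eval* read-eval?]
     (read-string s))))

;; Hypothetical helper: run a reader function and report whether the input
;; was accepted or rejected instead of letting the exception propagate.
(defn try-read [reader-fn s]
  (try
    [:ok (reader-fn s)]
    (catch Exception e
      [:rejected (.getMessage e)])))

;; Constructed sample inputs: ordinary data, and a form that uses the
;; reader's #= eval syntax with a harmless expression.
(def plain-data "{:user \"alice\" :roles [:admin]}")
(def eval-form  "#=(+ 1 2)")

(doseq [[label reader-fn] [["read-eval false (default arity)" read-string-with]
                           ["read-eval true (explicit opt-in)" #(read-string-with % true)]
                           ["clojure.edn/read-string" edn/read-string]]
        input [plain-data eval-form]]
  ;; Plain data reads the same way under every reader. The #= form is only
  ;; evaluated when the caller explicitly opts in; the other two readers
  ;; refuse it at read time.
  (println label "|" input "=>" (pr-str (try-read reader-fn input))))
```

`clojure.edn/read-string` is the data-only reader in Clojure 1.5 and later and does not consult `*read-eval*` at all, which makes it the usual choice for input from untrusted sources.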