Kyle R. Burton writes:

> Understanding that this may break existing code (how much?), I think it
> would reflect well on the community to make decisions to improve safety and
> security, especially with respect to defaults like this.  Avoiding
> surprises after deployment is a virtue in my opinion.

Considering that *read-eval* is undocumented, I think that makes for a
much stronger case for changing its behaviour. Code that relies on
*read-eval* defaulting to true is relying on an undocumented
implementation detail, so breakage surrounding it should not be terribly
surprising.

If the default is not changed for whatever reason (which I believe would
be a bad decision, but whatever) then at the very least it should be
documented. Having a potential source of fatal exploits which can only
be protected against by tribal knowledge is a really unfortunate
situation.

-Phil
