On 11/22/2012 09:07 PM, Richard W.M. Jones wrote:
> On Tue, Nov 20, 2012 at 12:52:30PM -0500, Przemek Klosowski wrote:
>> Interpreters do not preclude simple data: they just scale better,
>> from simple linear declarative data to complex, Turing-cranking
>> swamp. The only argument against it is runtime overhead, which isn't
>> a problem in many, if not most, cases.
> It's NOT the only argument against it.  Having Turing-complete
> configuration files makes it impossible to have other programs parse
> and understand the configuration.  Programs including:
>  - OpenSCAP, or any other security scanner
>  - libvirt (hello, old Xen's python config files)
>  - multiple libguestfs tools like virt-sysprep
>  - Augeas and all the tools that use it

Moreover, If the application (polkit) uses its embedded interpreter to
assess configuration and the scanner (OpenSCAP) uses it's own way how to
assess it (even if it differs in a version of the interpreter). --> It
only opens door for very subtle bugs.

Which leads me to thinking that the applications (which use Turing
complete languages for configuration) shall provide a comprehensive API
to query the configuration.

> Rich.

Simon Lukasik
devel mailing list

Reply via email to