On Wed, Jan 20, 2021 at 2:25 PM Kevin Chadwick <m8il1i...@gmail.com> wrote:

> It has been stated in a thread that there have never been any type safety
> related security issues.


I assume you are referring to what I said and I'd just like to point out
that I never made such claims. I said two things:

> I assume panics in production are sufficiently common that you could find
> some to point at and attribute them to a use of interfaces. Security issues
> are significantly less common. Maybe you can point to some? Preferably some
> with CVE numbers assigned.


And

> My personal projection is that security will mostly be unaffected (*I
> don't know of many security issues in the past that were related to Go type
> safety or lack thereof*), if it *is* affected, the effect will be
> positive and that type-safety will increase.


The first statement specifically says that you *can* likely find panics
that you could attribute to interface-usage. The second statement says "I
don't know of many", so it specifically *doesn't* use "none" and it also
doesn't make any assertions about the actual number that exist (just the
number I know of).

> Right, but had a typed function been used that took a port as an int and did
> validation early. Especially with the single task principle in mind. This
> would never have happened.


This is true, but again, it is not related to the Go type system. The Go
type system already allows you to express that invariant. In fact, "this
would never have happened" is a strong indicator that the type system
itself would have been sufficient for this problem. Because, apparently, if
we'd actually used it to express the invariant we are interested in, it
would've caught this bug.


> Actually in this case either for performance or maybe
> because strconv couldn't be used to produce an error. It was handled as a
> function that takes a string and checks for characters 0-9.



-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/CAEkBMfGc7dq351dzBKy9%2B5pyJcUMf7ovBa_MRNcFjUOPt5oQPQ%40mail.gmail.com.
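The point made in the message above, that Go's type system can already express the port invariant, as an added Go example (not code from this thread or from any project it discusses). `Port`, `ParsePort`, `Addr` and `digitsOnly` are hypothetical names; `digitsOnly` is only a stand-in for the kind of string check described in the quoted text, and the inputs are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// Port is a validated TCP/UDP port (hypothetical type for this example).
type Port uint16

// ParsePort is the single place untrusted text becomes a Port, so syntax
// and range are checked once, at the boundary.
func ParsePort(s string) (Port, error) {
	// bitSize 16 makes strconv reject values above 65535; ParseUint also
	// rejects empty input, signs, whitespace and non-digits.
	n, err := strconv.ParseUint(s, 10, 16)
	if err != nil {
		return 0, fmt.Errorf("invalid port %q: %w", s, err)
	}
	if n == 0 {
		return 0, fmt.Errorf("invalid port %q: must be 1-65535", s)
	}
	return Port(n), nil
}

// digitsOnly stands in for a check that only looks for characters 0-9.
func digitsOnly(s string) bool {
	for _, r := range s {
		if r < '0' || r > '9' {
			return false
		}
	}
	return true
}

// Addr accepts only a Port, so an unvalidated string cannot reach it.
func Addr(host string, p Port) string {
	return net.JoinHostPort(host, strconv.Itoa(int(p)))
}

func main() {
	// Constructed sample inputs, including ones a digit-only check accepts.
	for _, in := range []string{"443", "", "0", "65536", "99999999999", "+80"} {
		_, err := ParsePort(in)
		fmt.Printf("%-14q digitsOnly=%-5v ParsePort ok=%v\n", in, digitsOnly(in), err == nil)
	}
}
```

The empty string, `0`, `65536` and `99999999999` all pass the digit-only check but are rejected by `ParsePort`, and any function that takes a `Port` no longer needs to validate again.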
