On Wed, Jan 13, 2021 at 6:38 AM Kevin Chadwick wrote:
>
> On 1/13/21 2:09 PM, Axel Wagner wrote:
> > Let me repeat my question: Do you have any concrete reason to assume there
> > is a
> > negative security impact of generics? Feel free to bring that up.
> > Otherwise, I
> > don't see a reason t
On Wed, Jan 13, 2021 at 3:38 PM Kevin Chadwick wrote:
> I don't and I don't mean to make demands of other peoples time. Though I'm
> sure
> security has been carefully considered and might be fresh in peoples minds.
I don't think it has, because I don't think it needs to be. There is no
reason
I covered the DoS. There are multitude of ways to create DoS even in “correct”
code, panics are just one example.
Memory corruption is a different class of security bug because it allows
arbitrary code execution.
> On Jan 13, 2021, at 8:20 AM, Kevin Chadwick wrote:
>
> On 1/13/21 2:06 PM,
On 1/13/21 2:09 PM, Axel Wagner wrote:
> Let me repeat my question: Do you have any concrete reason to assume there is
> a
> negative security impact of generics? Feel free to bring that up. Otherwise, I
> don't see a reason to talk about it in the design doc.
I don't and I don't mean to make dem
On 1/13/21 2:06 PM, Robert Engels wrote:
> A panic is not a security issue. Memory corruption/stack overflow is. In Go
> the latter is accomplished through CGo and unsafe pointers/operations.
>
It isn't as clear cut as that. Panics can be security issues and memory
corruption/stack overflows ca
On Wed, Jan 13, 2021 at 2:59 PM Kevin Chadwick wrote:
> Clearly Go without interfaces, especially an empty interface is safer.
> Perhaps
> Generics reduce that risk via constraints etc.?
>
I understand why you might argue interfaces make the language less safe.
But generics are a mechanism with
A panic is not a security issue. Memory corruption/stack overflow is. In Go the
latter is accomplished through CGo and unsafe pointers/operations.
Continuous panics can be considered a security issue as a DoS attack but IMO at
least there are many ways to generate continuous errors that are sim
On 1/13/21 11:17 AM, Axel Wagner wrote:
> Assuming generics like interfaces, potentially erode type safety.
>
>
> Can you elaborate? Because that statement seems exactly contrary to
> established
> wisdom.
Clearly Go without interfaces, especially an empty interface is safer. Perhaps
Generi
On Wed, Jan 13, 2021 at 11:54 AM Kevin Chadwick wrote:
> I appreciate that generics use will be optional. However I am concerned
> that neither in the design draft nor the proposal issue, that the word
> security nor safety has been used even once.
"Safety" has been mentioned lots of times, in
I appreciate that generics use will be optional. However I am concerned that
neither in the design draft nor the proposal issue, that the word security nor
safety has been used even once.
Assuming generics like interfaces, potentially erode type safety.
Will generics increase the likelihood of
10 matches
Mail list logo
