[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Potentially insecure Perl scripts

Ben Hutchings <ben@decadent.org.uk> writes:

> People have said this about ASLR, protected symlinks, and many other
> kinds of security hardening changes.  We made them anyway and took the
> temporary pain for a long-term security gain.

Well, Perl has a deprecation mechanism with warnings and so forth,
although I don't think Perl has ever actively broken a feature outside of
"use <version>" with a later version, except for features marked as
experimental.  But I suppose it's possible.

Good luck with that -- there was a long discussion about this when <<>>
was introduced, and as one can tell, that viewpoint did not prevail.
Maybe it's used less now and it might be easier to get rid of it?

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: