From: Peter Bex <address@hidden>
Subject: Re: [Chicken-hackers] [PATCH 3/4] Remove ##sys#expand-home-path.
Date: Mon, 18 Mar 2013 21:22:12 +0100

On Mon, Mar 18, 2013 at 02:03:41PM -0400, Mario Domenech Goulart wrote:
Maybe I'm too paranoid? Or missing something?

No, you're spot on. I think given a choice, we should always err on
the side of security and adhere to the Principle Of Least Astonishment.
For convenient scripting, a "dwim" egg could be created that does all
these dangerous but convenient things. Then this is the user's
responsibility and if his system gets owned it wasn't due to a chicken
fuck-up.

Implicitly "convenient" behaviour is the root of all evil. We recently
had the same discussion about substring; there is no easy way to build
the sane features on top of an API with bells and whistles, except by
adding lots of checks all over the place, as you pointed out in your
example. Building those convenience layers on top of the core, stable
functionality is easily done, and can be wrapped up as an egg.

I disagree. We can still try to make the core system practical,
instead of a mindless API server for low-level facilities wrapped in
s-expression syntax. So let's for once try to find a solution without
just being polemic (well, polemics is great fun, of course, but in
this case it doesn't help).

I suggest keeping the posix file-operations convenience-free (they
duplicate a lot of the higher-level facilities anyway), while standard
procedures and core-unit file-system operations could provide ...
I barely dare to say it ... ~-expansion.