[r6rs-discuss] string->number
John Cowan
cowan at ccil.org
Mon Mar 23 19:37:03 EDT 2009
Thomas Lord scripsit:
> The freedom of an implementation to go either
> way on that point is a good reflection of the
> fact that neither way is obviously better than
> the other *and* it is easy for programs to not
> rely on one way or the other.
>
> Changing the language to force one choice is
> just arbitrary. It adds an implementation burden.
> It punts on the question of which choice is better.
I'll just quote here from an email on the ECMAscript 3.1 mailing list
<https://mail.mozilla.org/pipermail/es3.x-discuss/2009-March/001183.html>
not necessarily because I agree with it, but so that the opposing
point of view is recognized:
> Conventional developers seek only functionality, and stay away from
> edge conditions. Attackers seek opportunities in edge conditions. So
> defenders must reason about the limits on the damage that might be
> caused by these edge conditions.
>
> Put another way, conventional developers must code to the intersection
> semantics of the platforms in question, since a correct program must
> work across all these platforms. Attackers can seek opportunities in
> the union semantics, since an attack that works on any platform is
> still a successful attack. More deterministic specs narrow the gap
> between these two.
--
A rose by any other name John Cowan
may smell as sweet, http://www.ccil.org/~cowan
but if you called it an onion cowan at ccil.org
you'd get cooks very confused. --RMS
More information about the r6rs-discuss
mailing list