search

Perl / PPCs

This repository is for Requests For Comments - proposals to change the Perl language.
61 stars 22 forks source link

0012 configure taint #10

Closed neilb closed 2 years ago

neilb commented 2 years ago

This is an RFC to add a Configure question on whether you want to build Perl with taint support, or without.

See Pre-RFC discussion on p5p.

neilb commented 2 years ago

So we have two options:

  1. Make it fatal, in which case lots of dists would fail to install, because they needlessly have -T on tests
  2. Make it silently non-fatal, in which case all the needless -T tests would probably pass, and some tests might fail, and it depends on how the tests are written on whether it will be obvious to the person installing why they failed.

Not really much of a choice – pragmatically we have to go with #2.

neilb commented 2 years ago

I've just pushed an updated version, which proposes -DSILENT_NO_TAINT_SUPPORT rather than -DNO_TAINT_SUPPORT, and adds a couple of points to the Rejected Ideas section.

demerphq commented 2 years ago

On Thu, 27 Jan 2022 at 16:10, Neil Bowers @.***> wrote:

So we have two options:

  1. Make it fatal, in which case lots of dists would fail to install, because they needlessly have -T on tests
  2. Make it silently non-fatal, in which case all the needless -T tests would probably pass, and some tests might fail, and it depends on how the tests are written on whether it will be obvious to the person installing why they failed.

Not really much of a choice – pragmatically we have to go with #2 https://github.com/Perl/RFCs/pull/2.

Just for the record these flags were created for Booking and they use #2 for their builds with minimal trouble.

Yves