I wonder what the Venn overlap between developers screaming C IS DANGEROUS and developers using npm is? Pro-tip: The language details are almost irrelevant; the community culture and ecosystem are what matter to secure code.
For the case of PG: I'm not sure using archaic versions of C as the baseline, and not having a way to write non-performance-critical code in a safer language, can really count as admitting. (And yes, we're now using a slightly less archaic version of C as baseline.)
-
-
If any "safer language," as you term it, can create .so's, maybe there's a way in through the hooks system. Which safer languages do you have in mind?
-
It's not a technical problem, it's a policy problem. To be actually helpful, it'd be a hard dependency. Medium-long term one answer might be Rust.