I wonder what the venn overlap between developers screaming C IS DANGEROUS and developers using npm is? Pro-tip: The language details is almost irrelevant, the community culture and ecosystem is what matters to secure code.
-
-
Replying to @d_gustafsson
Wee, I actually like C, and I still have to disagree. There's fairly sane people that are anti-C, because it doesn't allow for safe things where that's desirable (i.e. the default outside of core performance critical bits).
2 replies 0 retweets 1 like -
Replying to @AndresFreundTec
Absolutely, C has lots of issues, but at least they are (for the most part) admitted to and acknowledged by projects.. ..or perhaps I have a bad case of Stockholm Syndrome which is entirely possible =)
1 reply 0 retweets 0 likes -
Replying to @d_gustafsson
For the case of PG: I'm not sure using archaic versions of C as the baseline, and not having a way to write non-performance-critical code in a safer language, can really count as admitting. (And yes, we're now using a slightly less archaic version of c as baseline)
1 reply 0 retweets 0 likes -
Replying to @AndresFreundTec @d_gustafsson
If any "safer language," as you term it, can create .so's, maybe there's a way in through the hooks system. Which safer languages do you have in mind?
1 reply 0 retweets 0 likes -
Replying to @davidfetter @d_gustafsson
It's not a technical problem, it's a policy problem. To be actually helpful, it'd be a hard dependency. Medium-long term one answer might be rust.
1 reply 0 retweets 0 likes -
Replying to @AndresFreundTec @davidfetter
Let's make it easier by picking one we have in the tree already, I reckon we go with M4sh
1 reply 0 retweets 0 likes
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.