Trying the latest patches on todays cvs version of sbcl, 1.0.27.9, totally breaks the testcases. Whereas the old version works. So be a bit careful to use the darcs version for a while in a stable environment.
Otherwise, It seems there are lots of cool new features, and the documentation is great. I've put it online here: http://common-lisp.net/project/cl-json/cl-json.html
Boris, one thing I am not sure about, the security implications of the clos decoder. How do you make sure that an evil user doesn't create a lispClass ticking-bomb in the lispPackage not-so-secret? Or do I read the docs to bad?
Regards, Henrik
On Wed, Apr 15, 2009 at 2:13 AM, Henrik Hjelte henrik@evahjelte.com wrote:
Trying the latest patches on todays cvs version of sbcl, 1.0.27.9, totally breaks the testcases. Whereas the old version works. So be a bit careful to use the darcs version for a while in a stable environment.
Uh... That could be SBCL bugs, couldn't it?
To be earnest, I only use Lisp implementations from ports collections as a general rule, but I'll look into that. I would not be surprised at seeing s o m e tests fail, but if the breakdown is as massive as you imply, this is definitely an emergency case.
Boris, one thing I am not sure about, the security implications of the clos decoder. How do you make sure that an evil user doesn't create a lispClass ticking-bomb in the lispPackage not-so-secret? Or do I read the docs to bad?
No, your concerns are perfectly justified, the manual doesn't really address this issue. I should write that up.
The simplest way to prevent undesired objects from being created, as far as I understand, is to define a prohibitive MAKE-OBJECT method specialized for the (name of) every dangerous class—or, if that better suits your policy, a general prohibitive method plus a permissive method for every class guaranteed safe.
- B. Sm.
On Wed, Apr 15, 2009 at 9:40 PM, Boris Smilga boris.smilga@gmail.com wrote:
On Wed, Apr 15, 2009 at 2:13 AM, Henrik Hjelte henrik@evahjelte.com wrote:
Trying the latest patches on todays cvs version of sbcl, 1.0.27.9, totally breaks the testcases. Whereas the old version works. So be a bit careful to use the darcs version for a while in a stable environment.
Uh... That could be SBCL bugs, couldn't it?
Not a bug, of course. SBCL just began to enforce the ANSI provision that the EXTENSION argument to VECTOR-PUSH-EXTEND must be a positive integer. All test failures but one were happening when VECTOR-PUSH-EXTEND was being passed 0 as that argument. That's fixed now, I'll post patches some time later.
- B. Sm.
-
Boris Smilga -
Henrik Hjelte