The unstoppable Perl release train?

Posted Mar 4, 2012 5:27 UTC (Sun) by jmayer (subscriber, #595)
In reply to: The unstoppable Perl release train? by xdg
Parent article: The unstoppable Perl release train?

My reading of the article is different than what you "Perl guys" are reading into it: With the new release there will be "complete" Unicode support, it will be the "if you haven't used Unicode before, do it now release". So if there are security problems in the Unicode handling in Perl and more people start using the Unicode features these problems will be in more and more programs. How many people who write Perl scripts have actually read the security guidelines - probably well below 50%. Many people I know learn mostly from examples, not from manpages.


The unstoppable Perl release train?

Posted Mar 4, 2012 19:39 UTC (Sun) by xdg (guest, #83285)

If you're reading this as "the Unicode release", then the author has (probably unintentionally) misled you. Unicode itself is a moving target and Perl has continued to make significant strides to improve how it handles Unicode semantics in the last couple releases. See Unicode Overhaul from the 5.12 release notes and Unicode in the 5.14 release notes. Perl 5.16 continues with this trend of incremental improvements.

As for how many people read the security-relevant sections of manpages, that's an issue for any language or tool. Most tools can be used insecurely, dynamic languages particularly so. I would hope that anyone writing or deploying code where security does matter would read relevant manpages.
