unofficial mirror of bug-guix@gnu.org 
* bug#66279: Unexporting <user-account>
@ 2023-09-30 10:10 Ludovic Courtès
  2023-10-01 20:28 ` Maxim Cournoyer
  0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2023-09-30 10:10 UTC (permalink / raw)
  To: 66279; +Cc: Maxim Cournoyer

Hi Maxim,

Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
<user-account> record type descriptor (RTD).

Common practice is to keep RTDs private because by publishing them, we
make it harder to change the ABI (because users might be matching fields
positionally) and we make it trivial for users to forge records of that
type, bypassing any checks we may have in the official constructor (such
as “sanitizers”).

What do you think of reverting this commit?  I don’t see references to
<user-account> outside of its module.

(I’m aware there are a few other places where RTDs are exported; I think
we should eventually fix them as well.)

Ludo’.
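
The two risks named in the message above (forging records past the constructor's checks, and positional field matching), as an added Guile sketch that is not part of the original thread or of Guix. The <account> type, make-account and its uid check are hypothetical stand-ins for a record with a sanitizer.

```scheme
;; Added illustration, not Guix code.  <account>, make-account and the
;; uid check are hypothetical stand-ins for a record with a sanitizer.
(use-modules (srfi srfi-9) (ice-9 match))

(define-record-type <account>
  (%make-account name uid)        ;raw constructor, kept private
  account?
  (name account-name)
  (uid  account-uid))

;; The "official" constructor: the only place the check lives.
(define (make-account name uid)
  (unless (and (exact-integer? uid) (>= uid 0))
    (error "invalid uid:" uid))
  (%make-account name uid))

;; What a module exporting only 'make-account', 'account?' and the
;; accessors guarantees: every <account> went through the check.
(define (checked-constructor-rejects? uid)
  (catch #t
    (lambda () (make-account "alice" uid) #f)
    (lambda _ #t)))

;; With the RTD in hand, the generic record API builds an instance
;; directly; the check above never runs, yet 'account?' accepts it.
(define (forge name uid)
  ((record-constructor <account>) name uid))

;; The RTD also enables positional matching: this pattern binds the
;; first and second fields, whatever they are called, so adding or
;; reordering fields in <account> silently changes or breaks it.
(define (describe acct)
  (match acct
    (($ <account> first second)
     (format #f "~a/~a" first second))))

(let ((forged (forge "bob" -1)))
  (format #t "official constructor rejects -1: ~a~%"
          (checked-constructor-rejects? -1))
  (format #t "forged record passes account?:   ~a~%" (account? forged))
  (format #t "forged uid:                       ~a~%" (account-uid forged))
  (format #t "positional match:                 ~a~%" (describe forged)))
```

When the module exports only the checked constructor, the predicate and the accessors, neither forge nor the positional pattern can be written outside it.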





* bug#66279: Unexporting <user-account>
  2023-09-30 10:10 bug#66279: Unexporting <user-account> Ludovic Courtès
@ 2023-10-01 20:28 ` Maxim Cournoyer
  2023-10-05 21:28   ` Ludovic Courtès
  0 siblings, 1 reply; 3+ messages in thread
From: Maxim Cournoyer @ 2023-10-01 20:28 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 66279

Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Maxim,
>
> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
> <user-account> record type descriptor (RTD).
>
> Common practice is to keep RTDs private because by publishing them, we
> make it harder to change the ABI (because users might be matching fields
> positionally) and we make it trivial for users to forge records of that
> type, bypassing any checks we may have in the official constructor (such
> as “sanitizers”).

Perhaps we should document this?  More power to the users!

> What do you think of reverting this commit?  I don’t see references to
> <user-account> outside of its module.

I'd like to note there are also valid usages requiring a record type,
such as 'match-record' from (guix records).  Otherwise, I don't feel
strongly about it, but if it's done I think the rationale you gave above
should be documented in our contributing guidelines.

-- 
Thanks,
Maxim





* bug#66279: Unexporting <user-account>
  2023-10-01 20:28 ` Maxim Cournoyer
@ 2023-10-05 21:28   ` Ludovic Courtès
  0 siblings, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2023-10-05 21:28 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: 66279-done

Hi,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi Maxim,
>>
>> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
>> <user-account> record type descriptor (RTD).
>>
>> Common practice is to keep RTDs private because by publishing them, we
>> make it harder to change the ABI (because users might be matching fields
>> positionally) and we make it trivial for users to forge records of that
>> type, bypassing any checks we may have in the official constructor (such
>> as “sanitizers”).
>
> Perhaps we should document this?  More power to the users!

Done in commit 7b710836a1c7cb921f54ead64f465bcc5333d076, based on what I
wrote above.

>> What do you think of reverting this commit?  I don’t see references to
>> <user-account> outside of its module.
>
> I'd like to note there are also valid usages requiring a record type,
> such as 'match-record' from (guix records).  Otherwise, I don't feel
> strongly about it, but if it's done I think the rationale you gave above
> should be documented in our contributing guidelines.

Alright, done as well in commit
97927608cb4f9c5d721115f1cb638de17ac38e62.

Thanks,
Ludo’.



