[erlang-patches] What's cooking in erlang/otp (2010-03-22)

[Musumeci, Antonio S]

> This prompted me to check whether the phrase "kicking in an open 
> door" is viable in English as well as in Swedish. It seems to be.
> No one argues that better security wouldn't be very useful. The 
> question is how to get there, and exactly what gradual changes 
> would be the right place to start. To repeat, the bar for changing > the semantics of Distributed Erlang and the rpc libraries is pretty > high, even if it is for a good cause.

>From my perspective as a new user to Erlang there just seems to be no real care for security. Going back over 10 years there are 3 or 4 papers written on improving security in different sections of the platform and not only were none of the features added as far as I can tell but the implementations unfortunately aren't even available. I scan through a decade of emails on the mailing lists and you see the same questions asked regarding sandboxing the VM and providing security measures to the distributed parts but the they always get the "do it outside of erlang" answer which as I mentioned raises the bar to entry, duplicates effort and limits the native feature set. Lots of modern platforms provide pluggable security models and sandboxing abilities... I don't see why Erlang shouldn't. Perhaps there isn't as much resistance to change as I'm encountering but up to this point I've not seen any real discussion of the proposals I or others have made. Rather than a why restricted ports was rejected... I get simply its rejected.
--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.