Hi all,
This is a summary of ruby-dev ML in these days.
[ruby-dev:23762] Ruby 1.8.2 to be released
Kouhei Sutou requested to import his RSS Parser library into 1.8 branch,
and Matz agreed with him.
[ruby-dev:23784] URI()
TANAKA Akira proposed a new global method URI(), to construct an URI
object. With this method, you can write HTTP GET program as below:
print URI("http://www.example.com/").read
This program is better than `open("http://....").read' because it
properly closes IO objects.
Here are some opinions: (+ : approval, - : objection)
+ There are similar methods such as Integer(), String(), etc.
+ URI is a name, literal-like syntax seems good.
- URI.[] is better because URI() pollutes the global name space.
- String(obj) calls obj.to_s. Integer(obj) calls obj.to_i.
But URI(obj) does not call obj.to_uri.
(Note that Complex(obj) does not call obj.to_complex, too.)
- A method name which begins with a capital looks bad.
This issue is still open.
[ruby-dev:23814] $SAFE in Proc
[ruby-dev:23815] set_trace_func in safe mode
Nobuyoshi Nakada posted two security considerations.
1. $SAFE=4 program can safely call a Proc object which is created
by $SAFE=0, and it runs in $SAFE=0. It causes `$SAFE downgrading'.
-> Matz said that it is not a problem because Proc objects which
are created in $SAFE=0 environment should be trustable.
In other words, you should not load untrustable code in $SAFE<4.
2. set_trace_func should be prohibited in $SAFE>0.
-> Matz stated that $SAFE>3 check is enough,
because we are trusting $SAFE<=3 codes.
-- Minero Aoki
ruby-dev summary index:
http://i.loveruby.net/en/ruby-dev-summary.html