bzbarsky at MIT.EDU
Wed Jun 18 13:44:49 PDT 2014
On 6/18/14, 3:14 PM, Anne van Kesteren wrote:
> Revisiting existing classes and making them suitable for subclassing
> seems like something that would be hard to avoid.
I think the difference for me is whether making a class subclassable
before careful auditing means potentially introducing suboptimal
behavior (that we presumably fix when either we do the audit or someone
reports a bug) or whether it means potentially introducing a security bug.
In the former case, we can conceivably allow subclassing immediately
(possibly only in nightly builds or whatnot) and then work on resolving
the issues people find. In the latter case the auditing needs to be a
lot more stringent before subclassing is allowed, and allowing
subclassing without auditing is just a non-starter. I'm OK shipping
somewhat buggy code for people to experiment with in nightly builds, but
I'm not OK shipping security bugs.