Comment by criemen 6 days ago

> Maybe those tools should explicitly confirm executing every external command

This wouldn't work - it's not external commands that are the problem, it's arbitrary code that's being executed. That code has access to all regular system APIs/syscalls, so there's no way of explicitly confirming external commands.

Python/pip suffers the same problem btw, so I think that ship has sailed.

codedokode 6 days ago

Then explicitly confirm running every hook, displaying the module and function name.

> Python/pip suffers the same problem btw, so I think that ship has sailed.

If I ever find time to write a package manager for C, it won't support hooks.