Feature #19388
closed
Deprecate SecurityError
Description
I think we should deprecate SecurityError in Ruby 3.3 and remove it in Ruby 3.4. I think we probably should have deprecated SecurityError when $SAFE was deprecated, but better late than never.
I've submitted a pull request to deprecate it: https://github.com/ruby/ruby/pull/7193
Updated by matz (Yukihiro Matsumoto) over 1 year ago
The original intention of SecurityError was the errors from taint checks. So most usages of it are misused (including core implementation).
But at the same time, I don't want to punish existing code by removing it. So we keep it for the foreseeable future.
Adding deprecation flag may not be needed.
Matz.
Updated by Eregon (Benoit Daloze) over 1 year ago
TruffleRuby still uses this exception class, notably when something is not allowed in "GraalVM Context permissions" such as "not allowed to create thread"/"not allowed to use native libraries"/"not allowed to use Java interop"/etc.
(full list of such permissions at https://www.graalvm.org/sdk/javadoc/org/graalvm/polyglot/Context.Builder.html).
It seems a natural fit for such permissions errors, so I think we should keep this class, non-deprecated.
Updated by jeremyevans0 (Jeremy Evans) over 1 year ago
- Status changed from Open to Rejected