Project

General

Profile

Actions

Feature #19388

closed

Deprecate SecurityError

Added by jeremyevans0 (Jeremy Evans) almost 2 years ago. Updated almost 2 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
[ruby-core:112097]

Description

I think we should deprecate SecurityError in Ruby 3.3 and remove it in Ruby 3.4. I think we probably should have deprecated SecurityError when $SAFE was deprecated, but better late than never.

I've submitted a pull request to deprecate it: https://github.com/ruby/ruby/pull/7193

Updated by matz (Yukihiro Matsumoto) almost 2 years ago

The original intention of SecurityError was the errors from taint checks. So most usages of it are misused (including core implementation).
But at the same time, I don't want to punish existing code by removing it. So we keep it for the foreseeable future.
Adding deprecation flag may not be needed.

Matz.

Updated by Eregon (Benoit Daloze) almost 2 years ago

TruffleRuby still uses this exception class, notably when something is not allowed in "GraalVM Context permissions" such as "not allowed to create thread"/"not allowed to use native libraries"/"not allowed to use Java interop"/etc.
(full list of such permissions at https://www.graalvm.org/sdk/javadoc/org/graalvm/polyglot/Context.Builder.html).

It seems a natural fit for such permissions errors, so I think we should keep this class, non-deprecated.

Actions #3

Updated by jeremyevans0 (Jeremy Evans) almost 2 years ago

  • Status changed from Open to Rejected
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0