On 11/22/2012 09:07 PM, Richard W.M. Jones wrote: > On Tue, Nov 20, 2012 at 12:52:30PM -0500, Przemek Klosowski wrote: >> Interpreters do not preclude simple data: they just scale better, >> from simple linear declarative data to complex, Turing-cranking >> swamp. The only argument against it is runtime overhead, which isn't >> a problem in many, if not most, cases. > > It's NOT the only argument against it. Having Turing-complete > configuration files makes it impossible to have other programs parse > and understand the configuration. Programs including: > > - OpenSCAP, or any other security scanner > - libvirt (hello, old Xen's python config files) > - multiple libguestfs tools like virt-sysprep > - Augeas and all the tools that use it > Moreover, If the application (polkit) uses its embedded interpreter to assess configuration and the scanner (OpenSCAP) uses it's own way how to assess it (even if it differs in a version of the interpreter). --> It only opens door for very subtle bugs. Which leads me to thinking that the applications (which use Turing complete languages for configuration) shall provide a comprehensive API to query the configuration. > Rich. > -- Simon Lukasik -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
