develooper Front page | perl.perl5.porters | Postings from September 2019

Formal Request - Discourage Taint

From: Chase Whitener
Date: September 13, 2019 15:40
Subject: Formal Request - Discourage Taint
Message ID: CALoNeLs7DY75D+gWDg2RAG4GE+j0zutsk=Dp25dT8NTozsr-ww@mail.gmail.com

Taint mode was created a long time ago to help ensure safety with suidperl
- it was designed to avoid dirty data messing up system calls. We've long
since realized suidperl was a bad idea, yet we have kept Taint mode
around under the pretense that it makes our code safe; it's time to let
that go.

It did do one thing of note; it removed dot from @INC. Having @INC cleaned
of dot caused a lot of work to happen to ensure things continued to
function/install. That work has already been done at this point and
removing Taint wouldn't add to the heartache anymore.

It's nearly everywhere in the Perl code base and in lots of places on CPAN,
slowing things down and creating bugs that otherwise wouldn't exist. For
example, File::Spec is broken on Windows when used with Taint mode on. It's
broken because Taint mode restricts use of environment variables (which
doesn't protect anything). There's no good way to fix that. An example:
https://rt.cpan.org/Ticket/Display.html?id=129791#txn-1863529

Rather than re-stating everything that's been discussed already on the
matter, I'll point you to a good summation on reddit here:
https://www.reddit.com/r/perl6/comments/718z4o/taint_mode_for_perl_6/dnmu83i/

Also, as was pointed out on IRC, we can simplify the Perl code by removing
all of this confusion and getting rid of some of the absurdity such as the
fact that there are two flags:

SILENT_NO_TAINT_SUPPORT makes -T silently not do anything
NO_TAINT_SUPPORT makes it an error

In short, it's a placebo for safety that causes more problems than it ever
even claimed to solve. Officially discouraging it makes sense. I see such
discouragement coming in the form of:
1. Updating documentation to claim it is discouraged.
2. Requiring user opt-in via build flags to build with Taint mode. The
default build should be NO_TAINT_SUPPORT. My perfect world scenario would
see both existing build flags done away with and a positive one
(WITH_TAINT_SUPPORT maybe) that defaults to a falsey value being added.
Either way, force users to choose to turn on Taint mode, keeping with the
official discouragement stance.

Thanks,
Chase
