Thomas Hallgren <thhal@mailblocks.com> writes:
> GCJ is a clean house implementation of Java. They don't use the runtime
> libraries from Sun and they are not really there yet in their efforts to
> copy the functionality. One of the things that lag behind is security.
> They hope to have a better security implementation before the year end
> but there's no promise.

OK, so that is a transient limitation of the GCJ work, not something
fundamental. Thanks for clarifying. In that case I agree that trying
to restrict it mechanically isn't a good idea --- the code restriction
would still be around after the problem was gone.

I still think this is irrelevant to the PL template discussion, however,
since neither our past approach nor either of the proposals will make it
the least bit difficult for a user to mislabel pljava as TRUSTED when
the underlying implementation isn't really trustworthy.

(What the PL template approach *would* do is make it difficult to create
a language that is trusted but named pljavau, or untrusted and named
pljava. Personally I don't see that as a bad thing, however. The
opportunity for confusion is far too great if you go against the
established naming conventions.)

regards, tom lane