updated draft Alex Shinn (23 Nov 2013 13:50 UTC)
Re: updated draft John Cowan (24 Nov 2013 23:23 UTC)
Re: updated draft Alex Shinn (25 Nov 2013 00:00 UTC)
Re: updated draft John Cowan (25 Nov 2013 00:38 UTC)
Re: updated draft Alex Shinn (25 Nov 2013 10:50 UTC)
Re: updated draft John Cowan (25 Nov 2013 18:04 UTC)
Re: updated draft Alex Shinn (29 Nov 2013 01:18 UTC)
Re: updated draft John Cowan (29 Nov 2013 03:39 UTC)

Re: updated draft John Cowan 25 Nov 2013 00:38 UTC

Alex Shinn scripsit:

> I answered this indirectly by expanding the history and making clear
> that the entire reason for using regular expressions is that they are
> efficient.  I have no intention of removing these warnings because
> this is a genuine security concern that programmers should be aware of.

There's a big difference between "prohibitively expensive" and "should
avoid their use" on the one hand, and "very expensive" and "should
avoid their use except when necessary" on the other.  I suggest the
latter language is more appropriate for a feature that is, after all,
being included, not excluded.

> > In <http://srfi.schemers.org/srfi-115/mail-archive/msg00020.html>,
> > Michael Montague requested textual alternate names for the patterns
> > ?, *, +, etc.  You agreed, but haven't done it.
>
> I said I see no reason not to do it.  If someone comes up with a
> reasonable list of names I can include them.

I propose `optional`, `zero-or-more`, `one-or-more`, `at-least`,
`exactly`, and `repeated`.  Verbose, but easy to understand.

--
John Cowan  xxxxxx@ccil.org  http://ccil.org/~cowan
If I have seen farther than others, it is because I am surrounded by dwarves.
        --Murray Gell-Mann