On Wed, Jul 3, 2019 at 7:31 PM Phil Hofer <xxxxxx@sunfi.sh> wrote:
Consequently, a "safe" subset of R7RS must restrict the
implementations of define-syntax, letrec-syntax, etc. to
only accept hygienic syntax transformers.
R7RS-small has no other kind of syntax transformer. On a syntax-case system, a bare lambda would indeed be dangerous, but at least {er,ir,sc,rsc}-macro-transformer are unavailable.
I also think it might be worth reconsidering the use of the
words "safer" in the title of this SRFI. It's not clear
what "safer" means in this context: what security guarantees
are we actually trying to achieve here?
We guarantee exactly nothing except a lower level of risk than not sandboxing at all. That's why I was careful to use language like "safer" (as in "safer sex" as opposed to "safe sex", which suggests no risk at all), "less concern", "increased assurance", and "almost certainly".