Opened 15 years ago
Last modified 14 years ago
#123 new defect
consider making RemoteException mode the default
Reported by: | Brian Warner | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | undecided |
Component: | error-handling | Version: | 0.3.0 |
Keywords: | Cc: |
Description
Ticket #105 introduced a mode to wrap all remote exceptions in a special RemoteException
type, to make them easier to distinguish from local exceptions. It added a Tub option to enable this mode, because application code needs to change to accomodate it.
Let's consider making this mode the default, after some suitable warning (i.e. release 0.4.0 with the mode available, then a release with the RemoteException mode being the default but the old mode still being available, then finally a release without the old mode at all).
On the other hand, I'm still on the fence as to whether I think Foolscap-using programs should distinguish remote exceptions so.. forcefully. E doesn't make a distinction, so I'm occasionally hesitant to obligate Foolscap programs to do differently.
Change History (4)
comment:1 Changed 15 years ago by
Summary: | make RemoteException mode the default → consider making RemoteException mode the default |
---|
comment:2 Changed 15 years ago by
Component: | usability → error-handling |
---|
comment:3 Changed 14 years ago by
comment:4 Changed 14 years ago by
For what it is worth, I still think it is a correctness and security risk to make local and remote exceptions easy to conflate. This opinion was formed by having trouble debugging Tahoe-LAFS a few times when Tahoe-LAFS was generating local exceptions and I was mistaking them for remote exceptions. I think I also found cases in Tahoe-LAFS where this conflation could have been a security hole, but where we lucked out and the ability of the remote side to send exceptions of various types up through the local sides stack didn't result in any actual harm.
not happening for 0.6.0: we haven't decided to do this, much less started the deprecation process.