consider making RemoteException mode the default

[Brian Warner]

Ticket #105 introduced a mode to wrap all remote exceptions in a special RemoteException type, to make them easier to distinguish from local exceptions. It added a Tub option to enable this mode, because application code needs to change to accomodate it.

Let's consider making this mode the default, after some suitable warning (i.e. release 0.4.0 with the mode available, then a release with the RemoteException mode being the default but the old mode still being available, then finally a release without the old mode at all).

On the other hand, I'm still on the fence as to whether I think Foolscap-using programs should distinguish remote exceptions so.. forcefully. E doesn't make a distinction, so I'm occasionally hesitant to obligate Foolscap programs to do differently.

[Brian Warner]

not happening for 0.6.0: we haven't decided to do this, much less started the deprecation process.

[Zooko]

For what it is worth, I still think it is a correctness and security risk to make local and remote exceptions easy to conflate. This opinion was formed by having trouble debugging Tahoe-LAFS a few times when Tahoe-LAFS was generating local exceptions and I was mistaking them for remote exceptions. I think I also found cases in Tahoe-LAFS where this conflation could have been a security hole, but where we lucked out and the ability of the remote side to send exceptions of various types up through the local sides stack didn't result in any actual harm.