I’m wondering if, while the macro system is being completely changed, it might be a good time to think about security considerations of macros.
Currently, a macro from a library (maybe a distant transitive dependency) could, at compile-time, exfiltrate data or run any other arbitrary code on a developer’s system. This is one bad actor away from a massive security incident.
I can imagine legitimate use cases for accessing the filesystem or the network within a macro, but maybe this should be something that is impossible by default (via something like java.security.AccessController
, I dunno).
Something something pure functions