http://qs321.pair.com?node_id=11135827


in reply to Proposed change regarding "Taint" support

Out of habit, I run scripts under taint mode... if the CPAN dependencies permit it. I also more or less regularly run my unit tests under taint mode, and make sure my own stuff is taint-proof.

However, I think Neil has a point with his P5P message. Taint mode was useful in the olden days, when everything (including server stuff) happened on a few Unix hosts and people shared their scripts and used other people's scripts freely because that was just convenient.

Taint mode helps against a certain class of things which might turn out insecure, but today's attackers have found easier targets, and taint mode has always produced its share of false positives. If it goes away, I'll miss it, but only a bit.