Is the Temporal.now namespace (still) necessary? #794
Comments
|
It's very intentional to have the |
|
SES? I'm not familiar with the term... |
|
https://github.com/Agoric/ses-shim, but in general, it's because the ability to get the current date/time/locale is sensitive information, and software that's trying to run untrusted code needs to be able to lock down sensitive APIs, and with your suggestion, the instant a new sensitive API is created, things are immediately insecure until they realize and lock down the new API. With the |
|
Ah, interesting and a very good point... I suppose I don't have the context necessary to determine the relative value of a cleaner(?) API vs something easy to handle for SES. |
|
More to the point, it will be likely be impossible for this entire proposal to gain consensus if it lacks the |
|
Fair enough! Thanks for taking the time to explain. It felt awkward and I couldn't find much information on the reasoning behind it. |
|
my 2 cents, I want a facility for testing, where I can fake the current time and I should be able to do that by creating stubs of Temporal.now. Temporal.now looks similar to |
|
To be clear, is the security concern about getting the system’s current date/time/locale or with having access to a high precision timer? |
|
After reading the draft proposal for SES, the issue with getting the current time is that it is non-deterministic and this somehow enables two realms to communicate or effect each other's state. They didn't explain, or give any examples of, how this is possible though. If anyone has a link or an explanation for specifically what SES's issue is with non-deterministic values I would be interested in reading that. |
|
@gibson042 - as the one who's most current with the SES meetings, do you have any resources for this? |
|
SES is now at https://github.com/Agoric/ses-shim , and the old demo is available at https://rawgit.com/Agoric/SES/v0.6.5/demo/ . The basic idea is that SES allows running untrusted code in a sandbox with no access to the outside world or any form of nondeterminism other than endowments from the parent—the code is allowed only to "think real hard", but nothing more. To do so, SES must "tame" the built-in capabilities, and Temporal.now is an attempt to make that convenient (for both SES and any other environment virtualizing use case). |
|
Cross-referencing, does that mean sinonjs/fake-timers#335 would just need to fake the |
|
@SimenB yes, I believe that's the case (in addition to faking |
|
Great, thanks @ljharb! |
|
Given the resolution above I think this can be closed. |
Apologies in advance for (probably) bringing up old bikeshedding arguments. I've read the
Temporal.nownamespace discussion in #236.My very first thought when looking at Temporal is, "WTF is Temporal.now?"
At first I assumed it was a getter for the current value. Turns out it's only a namespace, but is that namespace necessary?
Temporalcurrently has (by my count) 11 properties, including now, Absolute, DateTime, Time, etcnownamespace has 5 functions.I would propose dropping the
nownamespace and putting those functions directly on TemporalTemporal.now.dateTime()->Temporal.dateTime()Yes, there might be confusion between
Temporal.dateTimeandTemporal.DateTime, but I'm not sure that's worse than having thenownamespace.The text was updated successfully, but these errors were encountered: