V: Vlang is not safe to use for a production, Please track!
As discussed on discord and in https://github.com/vlang/v/issues/3567 vlang is not safe to use for a production system due known issues like memory leaks (and more?).
I want to use vlang on my project, but i HAVE TO be aware of ALL known security issues so that i could adapt the project for them.
Please make a tracking for all known issues that break production so that they can be tracked and adapted for development.
Thanks ^-^
Kreyren
All 10 comments
Other than memory leaks which are finally going to be fixed by next week, I'm not aware of anything.
medvednikov
on 8 Mar 2020
@medvednikov Relatedly, since V is translated to C before compilation, how can you ensure that there are no buffer overflows? (I don't know how bounds checking is implemented, but, is it?) Are you only outputting a safe subset of C?
Thanks!
elimisteve
on 8 Mar 2020
Of course.
medvednikov
on 8 Mar 2020
Other than memory leaks which are finally going to be fixed by next week, I'm not aware of anything.
To clarify there are currently 386 issues/requests marked with bug and it makes it very difficult to track critical issues like memory leaks since i can't find any reference to them anywhere other then asking on discord which only points to results like this which are not helpful:
It would help a lot if you could track these in a milestone or something so that i could warn my end-users about these issues (ideally referencing on upstream tracking with checking to see if any critical bugs are known to apply the warning message) in case i can't hotfix them.
Kreyren
on 8 Mar 2020
All projects have bugs. Go has 1135 NeedsFix issues, doesn't mean it's not ready for production.
Like I said, I'm not aware of critical bugs other than memory leaks.
medvednikov
on 8 Mar 2020
Other than memory leaks which are finally going to be fixed by next week, ...
Next week? Oh no, this is not a marketing trick but a lie.
iredmail
on 9 Mar 2020
All projects have bugs. Go has 1135 NeedsFix issues, doesn't mean it's not ready for production.
Go is not a programming language under heavy development with relatively small team like vlang for it to be likely to get critical bugs that breaks production..
Or can i use vagrant on vlang or some tools to ensure it's safety on runtime?
Kreyren
on 9 Mar 2020
You can use any tool you want. Valgrind will report 0 errors on all V programs and will be added to CI to keep it this way. As well as Clang analyzer, PVS, -Wall, etc.
Go is not a programming language under heavy development with relatively small team like vlang for it to be likely to get critical bugs that breaks production..
I was just commenting on your point about 386 bugs.
medvednikov
on 9 Mar 2020
I've added a new label Security to track such issues.
So if you found something, please create a new issue using this label.
medvednikov
on 10 Mar 2020
@medvednikov thank you! ^-^
Kreyren
on 11 Mar 2020
Related issues
clpo13
路
3Comments
oleg-kachan
路
3Comments
choleraehyq
路
3Comments
shouji-kazuo
路
3Comments
penguindark
路
3Comments
Most helpful comment
Next week? Oh no, this is not a marketing trick but a lie.