Menu
▾
▴
Re: DESCRIBE, impnotes, and https client
|
From: Jean L. <bu...@gn...> - 2017-09-21 04:54:30
|
On Thu, Sep 21, 2017 at 01:15:32AM +0200, Bruno Haible wrote: > We have three problems. Here's what I plan to do about them. > > 1) The DESCRIBE function makes accesses to https://clisp.org/. This > has drawbacks: > - The user cannot do DESCRIBE when an internet connection is not > available. > - The documentation that the user accesses does not match the version > of clisp she is using. > - https access is currently not implemented in clisp. > - It violates the user's privacy if other parties can infer by sniffing > what documentation she is accessing. > > Proposed solution: > Let clisp use the *installed* documentation (packaged with clisp). > => No network accesses in this case. > For "make check" to work before clisp is installed, add a command-line > option that specifies the location of the > doc. (Like option '-N'.) That is good idea. It also does not need to access HTML files with http:// as one can simply use the file:// facility instead. The local documentation gives references to the version that user is using. I also think that using a browser is overburden, maybe documentation could be made in similar fashion various Emacs documentation, maybe something as Texinfo so that specific sections may be accessed much easier, either through Emacs or info program. > 2) https access is currently not implemented in clisp. But the web consists > of more and more https. > For https, one needs SSL support with all its intricacies (TLS protocol > versions, certificate checking etc.). > > I'm no longer in favour of including something like Drakma in clisp. > Instead, I believe we need to distinguish the bottom layer (SSL) and the > layer sitting on top of it (https). Given SSL, https can well be done in > Lisp. However, the SSL support ought to use a system-wide standard facility > and the system-wide certificates (/usr/share/ca-certificates/mozilla/ on > some systems) - otherwise revocations won't be handled right. This leaves us > with three options: > - GNUTLS, > - openssl, > - CL+SSL, which is based on openssl. > > I'll go with GNUTLS in the first place, and openssl as fallback (for > portability). > > Since SSL cannot be applied to random streams, pipe streams, etc., but > only to socket streams, the result will be a variant of SOCKET-STREAMs > in clisp. With local documentation there is no need for any HTTP connection, as file:// facility would simply be enough. It also works with HTML anchors. > 3) The DESCRIBE function makes accesses to the CLHS on the web. This has > drawbacks: > - The user cannot do DESCRIBE when an internet connection is not > available. > - It violates the user's privacy if other parties can infer by sniffing > what documentation she is accessing. > > Proposed solution: > Add a facility through which the user can download and install the > complete CLHS on their system once; this requires acknowledging a license. > Cf. [1] > > Comments? GNU software or free software shall not drive the users to non-free documentation in my opinion, it shall not drive users to accept non-free license and download the HTML that is non-free. I think there is free version being made and other sources for documentation. Maybe something like http://clqr.boundp.org/source.html Something like this maybe: http://www.cs.cmu.edu/afs/cs/project/ai-repository/ai/lang/lisp/doc/standard/ansi/0.html Or like this http://jtra.cz/stuff/lisp/sclr/index.html It is better putting effort to make a free documentation for Common Lisp and provide such to users. Jean |
