SecurityTransparent should be removed from Collections.Immutable #24122
Comments
|
Agree. This attribute is specifically blocking us from making performance wins in Roslyn. It prevents us from using any performance related feature we've done in SCI and that is the core of Roslyn's performance. Customers who want to continue to use SecurityTransparent can use the older version of this library. |
|
@jkotas yep. In both those cases the customer can continue using the older NuGet package. Going forward we should remove this limitation so we can take advantage of all the new performance work we've been doing. |
|
Using an older version of the package sounds easy -- until a desktop app wants to use a library that 'requires' a newer version of the package. When will this be a problem? If full trust contexts on .NET Framework have no problem with this attribute removed, then I don't object. |
|
Requiring that this package continue to load in full trust enviroment is pretty much going to prevent it from being modified in any substantial way going forward. Consider that:
This is not due to the code being unsafe but rather due to PEVerify simply not being updated anymore to match the evolution of the platform. Other projects like ILVerify are attempting to fill the gap for type safe verification but it will not impact full trust envirnoments which still rely on PEVerify. This is the only package in the .NET Core SDK which has this attribute and the only one being held back by this scenario. It's also important for performance and platform evolution that we move this package forward. The solution for existing customers who rely on full trust is to use the existing package. Any library which is requiring them to upgrade is itself likely using a technology like Net Standard 2.0 which prevents full trust usage. Hence no point there in keeping this. |
I assume you meant to say partial trust.
It will break PEVerify. It will not break partial trust. The checks done by PEVerify are not the same as the checks done when running in particular trust. I agree with the rest what you are saying. Partial trust is a dead end. Not worth keeping it alive. |
|
@jaredpar Is it safe to replace every one of your uses of the term "full trust" with "partial trust"? Otherwise I'm thoroughly confused as I would expect everything to always work in full trust environments (the default for .NET Framework). I thought removing this security transparent attribute would break partial trust scenarios, which were never very popular anyway and have been deprecated long ago. |
|
Also, how is this package being held back? So what if it can't use C# 7.2 features like |
Yes. Sorry for the confusion here.
There are many places in this library where we would like to take advantage of |
|
OK. Since it sounds like it works in Full Trust environments on .NET Framework, I don't object. |
ghost
locked as resolved and limited conversation to collaborators
SecurityTransparent is a bit of a vestige nowdays, but is still enforced on desktop runtime.
As such the presence of the attribute is a blocker for the new language/runtime features such as ref returns, readonly references, spans...
Use of readonly references, in particular, makes a lot of sense, since the collections are Immutable
NOTE: Nearly no other library in CoreFx uses SecurityTransparent. ( https://github.com/dotnet/corefx/search?utf8=%E2%9C%93&q=SecurityTransparent&type= )
It is surprising that Collections.Immutable still does.
I think the attribute needs to be removed and soon since it is already causing troubles.
(Example: change dotnet/corefx@fc4b1ad when upgrade to C#7.2 had to be paired with disabling certain optimizations - we are not even using new features yet)
The text was updated successfully, but these errors were encountered: