ietf-mta-filters

Comments on draft-ietf-sieve-3028bis-09 from Eric Rescorla

2006-11-05 12:48:22

Eric did a security-related review. Here are some comments/suggestions from him,
slightly reworded by me. Eric will correct me if I misrepresented anything:

1) In section 1:

Eric felt that the claims in the following paragraph are overly strong:

 The language is powerful enough to be useful but limited in order to
 allow for a safe server-side filtering system.  The intention is to
 make it impossible for users to do anything more complex (and
 dangerous) than write simple mail filters, along with facilitating
 the use of GUIs for filter creation and manipulation.  The language
 is not Turing-complete: it provides no way to write a loop or a
 function and variables are not provided.

He suggested the following replacement:

 The language is intentionally simple in order to make implementing
 secure implementations easier. However, several Sieve features do
 allow Sieve scripts to consume significant resources and thus
 implementors and administrators must take care to appropriately
 limit the amount of resources consumed by individual users.

2) In section 2.4.1 (talking about numbers):

 Only positive integers are permitted by this specification.

Eric asked if zero was really not allowed.
I've checked my implementation and it would happily accept 0.

Any objections to changing section 2.4.1 to say "non-negative"?


3) Section 2.10.6:

Eric suggested dropping the following 2 paragraphs:

  Implementations might even go so far as to ensure that scripts can
  never execute an invalid set of actions before execution, although
  this could involve solving the Halting Problem.

  This specification allows any of these approaches.  Solving the
  Halting Problem is considered extra credit.

Eric said: solving the halting problem is not actually a problem with FSMs.

Any objections?
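As an added illustration of point 2), not part of this message or of the draft: a small Python checker for a Sieve number token, using the base spec's grammar (1*DIGIT followed by an optional "K", "M" or "G" quantifier meaning 1024, 1024^2 and 1024^3), with an allow_zero switch for the "positive" versus "non-negative" wording. The upper bound MAX_VALUE and the function names are my own constructed choices, standing in for the per-implementation resource limit that the replacement text in point 1) asks implementors to enforce.

```python
import re

# Sieve number token per the base spec's ABNF: number = 1*DIGIT [ QUANTIFIER ],
# QUANTIFIER = "K" / "M" / "G" (1024, 1024^2, 1024^3). The grammar is the spec's;
# MAX_VALUE and the digit-length cap below are constructed example limits.
NUMBER_RE = re.compile(r"^([0-9]+)([KkMmGg])?$")
MULTIPLIER = {"K": 1 << 10, "M": 1 << 20, "G": 1 << 30}

# Constructed implementation limit: the largest value this checker accepts.
MAX_VALUE = (1 << 31) - 1
MAX_DIGITS = 20  # reject absurdly long digit strings before converting them


def parse_number(token, allow_zero=True, max_value=MAX_VALUE):
    """Return the integer value of a Sieve number token.

    allow_zero=False models the draft's "only positive integers" wording;
    allow_zero=True models the proposed "non-negative" wording.
    Raises ValueError for malformed tokens, for zero when it is disallowed,
    and for values above max_value, so a script cannot name an arbitrarily
    large size or count and push the server past its resource budget.
    """
    m = NUMBER_RE.match(token)
    if m is None:
        raise ValueError("not a Sieve number: %r" % token)
    digits, quant = m.groups()
    if len(digits) > MAX_DIGITS:
        raise ValueError("too many digits in %r" % token)
    value = int(digits)
    if quant is not None:
        value *= MULTIPLIER[quant.upper()]
    if value == 0 and not allow_zero:
        raise ValueError("zero is not permitted under the 'positive integers' rule")
    if value > max_value:
        raise ValueError("value %d exceeds implementation limit %d" % (value, max_value))
    return value


def accepts(token, **policy):
    """True if parse_number would accept the token under the given policy."""
    try:
        parse_number(token, **policy)
    except ValueError:
        return False
    return True
```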