Status of other sources of SES?

[Mike Stay]

It looks as though nothing has happened on drses/ses since 2013, and
very little has happened on google/caja since 2014. Is SES only being
developed under https://github.com/Agoric/SES now?

It also looks as though the API for running SES has changed over the
last year or so. It used to be that I would build initSES.js, include
it (or the minified version) in a page, then invoke
cajaVM.compileExpr(untrustedSource)(virtualGlobal)
when I wanted the result of running an untrusted expression.

I don't see initSES in the output of
npm run build

Is it still generated? If not, what's the new incantation to evaluate
an expression in an SES environment?
--
Mike Stay - meta...@gmail.com
http://math.ucr.edu/~mike
https://reperiendi.wordpress.com

[Mark Miller]

Hi Mike I repeated your question and answered at https://ocapjs.org/t/which-ses-how-to-use-ses/41/3

Can we discuss there? Thanks.

--

---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-caja-dis...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

  Cheers,
  --MarkM

[Mike Stay]

OK. What topics, if any, would you like to remain on this list?

[Mark Miller]

Anything specific to Google-Caja or to the original-SES within Google-Caja.

But if there are contrary preferences, please speak up. Thanks.

[Mike Stay]

Should anyone using original-SES switch to SES, or will security
patches be backported?

[Mark Miller]

Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES.

I would anyone using original-SES should switch to SES, including Google. However, as mentioned, there are porting costs. That's the right place to put engineering effort, rather than backporting fixes to original-SES.

If anyone (including Google) would like help migrating from original-SES to SES, please let us know. Thanks.