Joyee Cheung

I would suggest to just remove support for assert in the next semver major. I don't really see the point floating a V8 patch like this when the proposal itself...

I would still like to see this happening...@kvakil are you still working on this?

Stress test for flaked tests on RHEL boxes: https://ci.nodejs.org/view/Stress/job/node-stress-single-test/475/ (reference https://github.com/nodejs/reliability/issues/787)

@nodejs/startup @nodejs/cpp-reviewers Can I get some reviews please? Thanks!

It doesn't seem right to override this with the dot env files without checking privileges which was what SafeGetEnv was for. Maybe @bnoordhuis knows better whether this violates what it...

I think we need someone like @bnoorhuis or someone from @nodejs/security to review it and confirm that this is not introducing a attack vector

I think the original intent of SafeGetEnv is to guard against e.g. improper permission escalation when the binary gets the setuid bit set. Not sure what the threat model is....

That would be what I'd do - just ignoring the .env too when the permission check fails - but I don't think I am familiar enough with the original threat...

> Can you add a test ? @targos I don't think we can reliably test this because this requires accessing something that we are not supposed to access in the...

Yes, with a TODO/FIXME comment.