Re: [PATCH] Secure programming additions to HACKING

From: Julian Fitzell <julian_at_beta4.com>
Date: 2002-04-23 05:22:45 CEST

Alex Holst wrote:
> Quoting Karl Fogel (kfogel@newton.ch.collab.net):
>>It would be best to avoid saying things that everyone already knows
>>(for loose values of "everyone", of course), such as don't use strcat
>>and strcpy, don't accept arbitrary length input into fixed-length
>>arrays, etc. :-)
>
>
> In my experience, a programmer who knows this is an exception. Things
> are getting better, but much too slowly. I would agree that HACKING
> should be as specific to Subversion as possible.
>

Gotta agree with that. It's obvious if you're aware of the problem but
they sure as hell didn't teach that in any of my cpsc courses at
university (don't get me started on what they don't teach... :)

That said, if you follow this principle, the HACKING file could get
rather long. Perhaps a referall to another file that discusses such
issues would be beneficial? (whether it's in the repos or a URL or
whatever...)

Something that we can point to and say "these rules must be followed in
submitted code"...

Julian

-- 
julian@beta4.com
Beta4 Productions (http://www.beta4.com)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 23 05:24:50 2002

This message: [ Message body ]
Next message: cmpilato_at_collab.net: "Re: Bug in rev 1623 commit_utils.c:do_item_commit()"
Previous message: Philip Martin: "Bug in rev 1623 commit_utils.c:do_item_commit()"
In reply to: Alex Holst: "Re: [PATCH] Secure programming additions to HACKING"
Next in thread: Karl Fogel: "Re: [PATCH] Secure programming additions to HACKING"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]