[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Secure programming additions to HACKING

From: Julian Fitzell <julian_at_beta4.com>
Date: 2002-04-23 05:22:45 CEST

Alex Holst wrote:
> Quoting Karl Fogel (kfogel@newton.ch.collab.net):
>>It would be best to avoid saying things that everyone already knows
>>(for loose values of "everyone", of course), such as don't use strcat
>>and strcpy, don't accept arbitrary length input into fixed-length
>>arrays, etc. :-)
>
>
> In my experience, a programmer who knows this is an exception. Things
> are getting better, but much too slowly. I would agree that HACKING
> should be as specific to Subversion as possible.
>

Gotta agree with that. It's obvious if you're aware of the problem but
they sure as hell didn't teach that in any of my cpsc courses at
university (don't get me started on what they don't teach... :)

That said, if you follow this principle, the HACKING file could get
rather long. Perhaps a referall to another file that discusses such
issues would be beneficial? (whether it's in the repos or a URL or
whatever...)

Something that we can point to and say "these rules must be followed in
submitted code"...

Julian

-- 
julian@beta4.com
Beta4 Productions (http://www.beta4.com)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 23 05:24:50 2002

This is an archived mail posted to the Subversion Dev mailing list.