[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Theo chiming in on strlcpy
On Sat, Dec 21, 2013 at 07:38:23PM +0000, David Holland wrote:
> On Sat, Dec 21, 2013 at 08:22:05PM +0100, Marc Espie wrote:
> > Yeah, you're probably the 1% that uses strcpy correctly the first time.
> > But think about it. Less gifted developers are going to use it
> > Or go write impossible-to-audit messes.
> > I prefer having my code go 0.5% less fast, but not to have to spend hours
> > auditing wacky wacky wacky string stuff.
> Not only have I thought about it, I've been patching insecure code as
> long as just about anyone. I just don't happen to agree with your
Well, aren't you getting tired of patching the same mistakes again and again ?
I mostly got my opinion (what you called "dogma") when I started realizing
I didn't have enough time to fix it all. And when you start delegating, or
teaching, you start realizing what is "obvious" to you is very complicated
for a lot of people (because they don't have your experience).
Face it, the numbers are against us. We're going to be overrun by
there are too many misused strcpy out there, and not enough good developers.
You can't enlighten them all. Giving them better and simpler tools is more
Main Index |
Thread Index |