Source-Changes-D archive


Re: CVS commit: src/crypto/external/bsd/netpgp/dist



On Thu, May 07, 2009 at 11:09:57PM -0400, Perry E. Metzger wrote:
> 
> Alistair Crooks <agc%pkgsrc.org@localhost> writes:
> > On Wed, May 06, 2009 at 06:47:37PM +0200, Joerg Sonnenberger wrote:
> >> On Wed, May 06, 2009 at 03:52:15PM +0100, Alistair Crooks wrote:
> >> > You're right, if you believe that the failure of a runtime check for
> >> > the length of time_t being greater than or equal to 4 bytes is
> >> > sufficient to abort an application.
> >> 
> >> ...which can and should be a compile-time assertion.
> >
> > Absolutely - we can put it in <sys/cdefs.h>, right next to the check
> > for the value of pi changing, and the check for int32_t being able to
> > address 32 bits.
> >
> > Having this kind of thing as compile-time checks would take a huge
> > weight off my mind.
> >
> > Alistair
> >
> > PS.  It has suddenly struck me that your suggestion might have been
> > serious. Oh well...
> 
> Often, when one is writing code like this, one assumes something like
> the idea that time_t is always, say, four bytes. Then, later, someone
> like Christos comes along and turns the value into an eight byte
> quantity and assumptions fail. It is nice to have the assumptions fail
> in a nice loud way at compile time. This is not the same as checking
> that pi has not changed.

The check was for time_t's being *at least 4 bytes* (openpgpsdk was
compiled on Solaris 10 update something which has 64-bit time_t's) -
see the quoted text above.

We used to write

        long time(); /* no C */

in the days before prototypes and <time.h> - this goes back to at
least the early 80s.  So, au contraire, the check had as much value as
one for pi changing.

Regards,
Alistair
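
The two forms of the check argued over in this thread, as an added example (not code from netpgp, openpgpsdk or any poster): a compile-time assertion that time_t is at least 4 bytes beside its run-time equivalent, plus a hypothetical helper, put_time32(), showing the separate range check an 8-byte time_t needs when a value is stored in a 4-byte field. The 4-byte field, the sample value and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Compile-time form: the array size becomes -1, and the build fails,
 * if time_t is narrower than 4 bytes. Valid in C89 and later. */
typedef char time_t_is_at_least_4_bytes[(sizeof(time_t) >= 4) ? 1 : -1];

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
/* C11 spelling of the same assertion, with a readable diagnostic. */
_Static_assert(sizeof(time_t) >= 4, "time_t is narrower than 4 bytes");
#endif

/* Run-time form of the same check, for comparison: 1 if it holds. */
int time_t_size_ok(void)
{
    return sizeof(time_t) >= 4;
}

/* Hypothetical helper: store t in a 4-byte big-endian field (the field
 * width is an assumption of this example). A lower bound on sizeof(time_t)
 * says nothing about an 8-byte value fitting, so the range is checked
 * here at run time. Returns 0 on success, -1 if t cannot be represented. */
int put_time32(time_t t, uint8_t out[4])
{
    uint32_t v;

    if (t < 0 || (uint64_t)t > UINT32_MAX)
        return -1;
    v = (uint32_t)t;
    out[0] = (uint8_t)(v >> 24);
    out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);
    out[3] = (uint8_t)v;
    return 0;
}

int main(void)
{
    uint8_t buf[4];
    time_t sample = (time_t)0x4A03A0F5; /* constructed sample value */

    printf("size check holds: %d\n", time_t_size_ok());
    if (put_time32(sample, buf) == 0)
        printf("%02x %02x %02x %02x\n", buf[0], buf[1], buf[2], buf[3]);
    return 0;
}
```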

