:: Re: [DNG] Systemd Shims
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Laurent Bercot
Fecha:  
A: dng
Asunto: Re: [DNG] Systemd Shims
On 19/08/2015 19:14, Edward Bartolo wrote:
> I am not assuming anything and understand the risks of buffer
> overflows. The first step I am taking is to make the code function.
> The second step is further debug it until it behaves properly and the
> third step is to correct any potential security issues.


I'm sorry, but no, this is not how it works. The first step, as
you say, is to make the code function, and that means *without*
security issues in the design. You can't add security in the
third step; security cannot be an afterthought, it has to be an
integral part of the design.
"Correcting potential security issues" may force you to change
your API entirely, or rewrite significant portions of your code.
This is often impractical, and you may miss some of the issues.


> As anyone can understand, projects, whatever they are, are not
> completed in one step.


Of course projects are not completed in one step. You submitted
a code for review, I gave you a review: this is part of the process,
let's get on to the next step.


> As to studying other languages, here, you are NOT talking to a youth
> in his twenties or his teens, but to a 48 year old. Learning a new
> language is a lengthy process and the ones I know are far more than
> enough for what I do.


I don't care what your age is, or where you live, or what gender you
are, or anything else about you. I'm only looking at the code and saying
what I think of the code. If you want to write in C, then please take
my review into account: it may not be to your liking, but it is honest.

Or use whatever other language you want: I won't know it well enough
to review you, so I'll be off your back.

--
Laurent