On 07/30/2018 12:52 PM, Jordan Brown wrote:
> Because a zero-leaks policy is a lot easier to manage than having to
> make a judgement call on each leak whether or not it's important, and
> having to filter out "unimportant" leaks when you're trying to find
> out whether you've introduced any "important" leaks.
>
> Maybe the test suite only caused the program to leak one buffer, but
> that doesn't tell you whether a real workload (or a malicious
> workload) will leak gigabytes.
>
> --
> Jordan Brown, Oracle Solaris

^^^ this

So much has changed in programming culture over the decades for me to be
able to call it "engineering" any more. Too many code equivalents of
duct tape, chewing gum, and kite string holding things together out
there and so many consider that normal and ok. I never thought I'd see
the day that someone would have to defend not leaking memory in pivotal
security code like openssl, however.