Jeffrey Walton <[email protected]> writes: >The CVE folks told the Crypto++ library that the behavior should have been >documented.
OK, that one definitely qualifies as a bogus CVE. How would you document all the ways people can use your code incorrectly? Will the docs end up with statements equivalent to the apocryphal "Do not hold the screwdriver in your hand with the blade facing upwards and run with it and trip and poke it into your eye, since this may void the warranty"? Or this sort of thing: https://www.rd.com/list/funny-warning-labels/ My favourite on there is the fire-risk warning on a box of firewood, but the rest are pretty good too. Peter.
