On Wed, 14 May 2025, Dan Fandrich via curl-library wrote:
According to Wikipedia, McCabe suggested a limit of 10 and NIST later
suggested some situations where 15 might be appropriate. So, 100 seems like
a good starting point!
Aggressive! We currently have no less than 326 functions scoring over 15. Out
of 3436, so about 9.5% of all functions.
If the current few known-bad offenders are added to a whitelist it becomes
easier to ratchet this number down over time. In fact, depending on how many
high-value functions there currently are, it might be better to start out
with a larger whitelist and lower limit.
- Seven are over 100
- 13 are over 90
- 14 are over 80
- 23 are over 70
I think maybe a challenge with a whitelist is that functions sometimes change
names.
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
