Svante Signell, le Fri 13 Jan 2012 14:43:06 +0100, a écrit : > > No, but Guillem probably feels the same, and I do too: it's hard to tell > > you anything because you quickly get things personally. > > I don't consider my replies to be personal
I should have said "you quickly take things personally". It's difficult to comment on your code because you quickly take it as a personal criticism, which it is not. > And the proposed replacement function works properly, with minor > glitches as you points out. But it doesn't mean that upstream will happily accept it. > I thought usage of obsolete library code should be avoided if > possible, especially when better replacements are available, even when > creating patches. Which function are you referring to precisely? Some functions are not "obsolete", they are just not trivial to use. > > > The bad thing is that there are still packages depending on this code. > > > It should go down the drain and depending packages convert to something > > > else (or a new upstream pops up). > > > > I don't understand this. Did you understand what he said? libtar using > > odd functions is not a problem since if the system does not provide > > them, then libtar has its own version. I don't see where the depending > > packages come into play. > > Yes, but the fallback version use same non-recommended constructs as the > POSIX version does (modifying the argument) and I wanted to get rid of > that for this piece of the code. I'm lost. What are you referring to exactly? > > > Might be so, in my opinion strncat is safer than strcat wrt buffer > > > overflows, but I'm probably wrong. > > > > In some cases it's true, in some other cases (like the case at stake), > > it's wrong. > > So the basic knowledge of vulnerability was not totally wrong even if > not applicable in this case. Yes. Samuel -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/20120114224838.GA10604@type
