On Tue, Jun 03, 2014 at 11:22:58AM +1000, Peter Waltenberg wrote:
>
> I won't argue that sometimes legacy support makes the code hard to read,
> but in itself I don't think it's causing bugs.

The OpenBSD people are right here. If it's hard to read, then we don't have many eyeballs on the code. And while that isn't the only way to curtail an active development community (Sun Microsystems came up with many more), it's certainly one of the more effective ones.

It's not like someone wakes up and says, "I know! I'll screw over the entire internet by introducing a security bug!" It happens by accident, and the messier your code is, the more likely it is to happen. Code needs to be easy to read; or else you get bugs. There's a reason why the Linux kernel coding style strongly discourages in-line #ifdef's in code.

> I'd also point out that legacy platforms are pretty common in the embedded
> space and may even make up the majority of instances of OpenSSL in the
> wild.

I don't think there are a lot of embedded systems using (a) VMS, (b) Windows 3.1, or (c) EBCDIC.

Cheers,

- Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org