> On Mon, Jun 02, 2014 at 12:33:14PM -0400, Ted Unangst wrote: > > What compiler warns about this? It's perfectly fine to pass a nonconst > > string to a function that takes a const string. > > char * vs unsigned char *?
So this is a great way to lose focus. The agenda is a step-by-step refactoring of the codebase, without causing accidental harm to the API. Each simplification step should make the code simpler, more accessibile for analysis by skilled peopke, resulting in further improvement; security will improve step-by-step hopefully without any other downsides. You can be part of that agenda. Or, we can go bikeshed about compiler warnings which are clearly false positives. Under the assumption that these conversations have no time-wasting impact on the people doing real work to make things better. You can figure out what I'm not saying on this line.