GnuTLS (libgcrypt really) and Postfix

James A. Donald jamesd at echeque.com
Wed Feb 15 18:36:16 EST 2006


John Denker wrote:
 > Whatever happened to doing what's best for the customer?  Doing
 > what's most convenient for the programmer during testing, while
 > making things worse for the customer during deployment ... that
 > seems remarkably unprofessional.

It is usually better for the customer that the program does nothing,
than that it does something unexpected.

This is particularly true in mission critical applications, such as
for example a pacemaker.  Would you rather have an inactive
pacemaker, or a pacemaker busily doing something unexpected?

In the case in question, going bad means that the program appears to
be encrypting data, but is NOT encrypting data, or is only trivially
encrypting data.  This is far worse for the customer than an
encryption program that simply aborts.

 > Last but not least, I object (again!) to the false dichotomy, i.e.
 > the allegation that exceptional conditions must either
 >   a) result in an abort, or b) go undetected.

The correct solution to exceptional conditions is to use exceptions.
This is not always practical or available, though it should be.  The
whole world should move to C++.  If exceptions are not available, what
then do we do?  I say abort.

     --digsig
          James A. Donald

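The failure mode the post describes, a cipher that appears to work but leaves the data unencrypted, as an added example in C (not code from the post, from libgcrypt or from Postfix); the toy XOR cipher, its `toy_ctx` and the simulated setup failure are constructed for illustration only:

```c
#include <stddef.h>
#include <string.h>

/* Toy cipher context (constructed for illustration; not libgcrypt's API). */
typedef struct {
    unsigned char key[16];
    int ready;          /* nonzero only after a successful setup */
} toy_ctx;

/* Simulate a setup step that can fail (e.g. secure memory unavailable).
 * Returns 0 on success, -1 on failure; on failure no key is loaded. */
int toy_setup(toy_ctx *ctx, const unsigned char *key, int simulate_failure)
{
    memset(ctx, 0, sizeof *ctx);
    if (simulate_failure)
        return -1;
    memcpy(ctx->key, key, sizeof ctx->key);
    ctx->ready = 1;
    return 0;
}

/* Fail-open: ignores the setup result and "encrypts" with whatever key is
 * in the context. After a failed setup the key is all zero, so out == in:
 * the caller is told it succeeded and ships plaintext. */
size_t encrypt_fail_open(const toy_ctx *ctx, const unsigned char *in,
                         unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ ctx->key[i % sizeof ctx->key];
    return n;
}

/* Fail-closed: produces no output unless setup succeeded, so the error is
 * forced onto the caller (who may abort, or raise an exception in C++)
 * instead of being hidden inside the data. */
int encrypt_fail_closed(const toy_ctx *ctx, const unsigned char *in,
                        unsigned char *out, size_t n)
{
    if (!ctx->ready)
        return -1;   /* no bytes written; caller must handle this */
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ ctx->key[i % sizeof ctx->key];
    return 0;
}
```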
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com