[Cryptography] I don't get it.

John Gilmore gnu at toad.com
Tue Apr 15 19:29:26 EDT 2014


> Perhaps most of all, I wonder whether it would be a good idea to shoot 
> all the gcc developers.

What is this, Marxist development?  While we're at it, let's shoot the
guys who advocate shooting gcc developers too.  ;-?

> Or best of all, I think we need better compilers. Better in the sense 
> that they will only compile secure code. And which can prevent coders 
> from doing bad things.

I think we need a better email system.  Better in the sense that it
will only communicate secure ideas.  And which can prevent writers
from spreading bad ideas.

The job of a compiler is to make the machine do what the program says
to do.  It is not to "understand" the program or to decide whether it
is a "good" program.  It is not to second-guess the programmer about
what the program says to do.  I'm sorry, Mr. Fairbrother, that the GCC
team built a great compiler that does what it's supposed to do.  Feel
free to stop using it anytime you like.

And feel free to write a better compiler.  We did, you can too.  You
can even start with ours and improve it to be better.  Which
improvement are you going to make first?  You could start by adding a
-Wsecurity option that programmers could use to more strictly diagnose
code that is part of a security system.  What particular "top five or
ten" checks would you add?

> I am no expert in bugs, but it seems to me ...

It is clear that you are no expert in bugs.

GCC goes substantially further than most compilers in diagnosing
dubious programmer instructions.  Besides the errors and warnings that
it catches by default, it lets you turn on a broad range of other
warnings.  In projects that have eliminated all such warnings, gcc
also lets you make any new warning into an error that will force the
code to be looked at and revised by the programmer.  But you can never
make such things foolproof, because the world is always producing new
and better fools.

	John Gilmore

Disclaimer: I wrote tiny amounts of code in GCC, and co-founded and
co-managed the business (Cygnus Support) that brought GCC from working
well on a few architectures, to working reliably on a dozen
architectures.  Throughout the 1990s, we raised millions of dollars a
year from customers, and spent it on making better free-as-in-freedom
compilers for them and for everyone.  So shoot me, too.



