[Cryptography] GnuTLS -- time to look at the diff.

Phillip Hallam-Baker hallam at gmail.com
Thu Mar 6 03:12:02 EST 2014

On Wed, Mar 5, 2014 at 11:24 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Wed, Mar 5, 2014 at 6:13 AM, Lodewijk andré de la porte <l at odewijk.nl>wrote:
>> What's up with using GOTO in very secure applications? Isn't it wiser to
>> use a functional programming -ish approach?
> People are writing this stuff in crappy, memory unsafe languages. Maybe
> that's the thing that needs to be reconsidered.

People can write good code using gotos... but most do not

People can write code without memory leaks in C or C++... but most don't

People can write comprehensive test suites for certificate checking... but
so far none has been mentioned so I don't think they did.

Coding risk is just another risk and there are different ways to control.
We have just seen the failure of the open source security argument. There
are many good reasons to use open source licenses and public domain. But
publishing the source code does not sprinkle magic security dust over it.

What it does mean is that we have the chance to learn from the error should
we choose to..

Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140306/e5d7d2dc/attachment.html>

More information about the cryptography mailing list