[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity
Jeffrey Walton
noloader at gmail.com
Fri Feb 26 17:50:24 UTC 2016
On Fri, Feb 26, 2016 at 12:42 PM, Viktor Dukhovni
<openssl-users at dukhovni.org> wrote:
> On Fri, Feb 26, 2016 at 12:37:22PM -0500, Jeffrey Walton wrote:
>
>> It seems like (to me) the the most direct way to mark a function as
>> private is to add a comment in the source code stating such.
>
> Nonsense. Source code is not API documentation, it is an
> implementation, not an interface contract.
I'm not sure I'd consider it nonsense.
Studying source code on occasion is simply par for the course when
working with open source libraries. I'm not sure how that no longer
applies. That won't chnage by fiat.
In my naiveness, if you want something to be private, then you don't
expose it to the outside world.
It also seems like if a function leaks into a public header, then you
state that its private and it should not be called. What's the
aversion to a clearly and succinctly stating something?
>> ...
>> it also seems like (to me) that tying bug fixes to documentation is a bad idea.
>
> Bug fixes to undocumented functions will be buggy, and the
> documentation will never happen. We need to improve code quality,
> a good part of that is having documentation.
It sounds like you are trying to get half pregnant. If the code is
buggy, then it should be fixed or removed. There's no middle ground.
Jeff
More information about the openssl-dev
mailing list