[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Feb 26 19:54:32 UTC 2016
>>> Nonsense. Source code is not API documentation, it is an
>> > implementation, not an interface contract.
>>
>> I'm not sure I'd consider it nonsense.
>
>Comments in source code are not documentation, they explain the
>internals of the implementation, not the contract.
Actually they can (and should) be both.
>Users of a library need to depend on documented semantics, not
>implementation
>artefacts.
True. But at the very least the two shouldn’t say different things. :-)
>>Studying source code on occasion is simply par for the course when
>> working with open source libraries.
>
>Here, by "open source" you mean poorly maintained. I'd like OpenSSL
>to leave that legacy behind. Not all open source software is poorly
>maintained and under-documented.
Here you equate “poorly documented” with “poorly maintained”. I’m not sure
it’s always true.
>All I'm saying is that documentation is not optional. Neither source
>code nor header files are documentation.
Yes, I completely agree with this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160226/d2891c86/attachment-0001.bin>
More information about the openssl-dev
mailing list