[openssl-users] Initialising OpenSSL more than once - how do we handle this?
openssl at jordan.maileater.net
Mon Jul 30 23:17:42 UTC 2018
On 7/30/2018 11:12 AM, Michael Wojcik wrote:
> As for Jordan's objection: If you don't know the source of your
> "leaks", then I can't say I'm particularly impressed with a
> zero-"leak" policy. That amounts to "let's burn a lot of cycles during
> process termination, rather than understand what we're doing".
*Fully* understanding the implications of a bug can be quite difficult.
Often it is much easier to observe that there is a clear bug, fix it,
and move along. Are there cases where this particular leak is a
problem? Just because the developer can't think of any doesn't mean
that there are none. Is it better to spend developer effort proving
that a particular leak is harmless, or fixing it?
And that doesn't consider the cost to the *next* developer, who runs a
leak test, finds a dozen leaks, and then needs to research each one to
be sure that it isn't a result of their change.
Jordan Brown, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users