On Sat, Feb 17, 2018 at 7:36 AM, Niels Möller nisse@lysator.liu.se wrote:
> Jeffrey Walton noloader@gmail.com writes:
>> But production is a different story.... The time for debugging is over...
> I would generally assume that there are a few bugs left in also the production code. And I think that in most cases, the bug manifesting itself as an assertion failure is a lot better than the alternatives.
> I know there are different opinions. We should support -DNDEBUG builds, but it's not going to be the default in Nettle.
Yes, please do support NDEBUG. I build all my software with it because I don't want to lose the sensitive information.
It is easy enough to audit. Everywhere there is an assert() to assert a condition, then there should be an if() statement with the same test that returns failure. It is OK to avoid processing if you don't like the condition.
Postel's law is dangerous nowadays. The threat landscape has changed. Look for any reason you can to fail processing. If you can't find a reason, then begrudgingly process the data.
I found using the anti-Postel law made my software incredibly stable. It was nearly impossible to make it fail or crash.
Jeff
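An added example of the assert-plus-if() pattern described in the message above; this is illustrative code written for this note, not Nettle's, and `copy_block`, `block_args_ok` and `run_examples` are hypothetical names. The precondition is kept in one predicate so the assert() and the if() provably test the same thing.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not Nettle code: copies one block into a caller's
 * buffer. The precondition lives in ONE predicate so that the assert() and
 * the if() are guaranteed to test the same thing, which makes the audit
 * described above mechanical. */

int block_args_ok(const uint8_t *dst, size_t dst_len,
                  const uint8_t *src, size_t src_len)
{
    return dst != NULL && src != NULL && src_len <= dst_len;
}

/* Returns 1 on success, 0 when the precondition does not hold. */
int copy_block(uint8_t *dst, size_t dst_len,
               const uint8_t *src, size_t src_len)
{
    /* Debug build: a caller bug stops here with an assertion failure. */
    assert(block_args_ok(dst, dst_len, src, src_len));

    /* -DNDEBUG build: the assert above compiles to nothing, so the same
     * test is repeated as an ordinary branch that refuses to process. */
    if (!block_args_ok(dst, dst_len, src, src_len))
        return 0;

    memcpy(dst, src, src_len);
    return 1;
}

/* Exercises the success path and the shared predicate on constructed
 * inputs; returns the number of cases that behaved as expected (4).
 * Bad inputs are checked through the predicate, not copy_block, so the
 * function is safe to call in a debug build where assert() aborts. */
int run_examples(void)
{
    uint8_t dst[16];
    const uint8_t src[4] = { 1, 2, 3, 4 };
    int ok = 0;

    ok += copy_block(dst, sizeof dst, src, sizeof src) == 1;
    ok += memcmp(dst, src, sizeof src) == 0;
    ok += block_args_ok(dst, 4, src, 16) == 0;               /* too long */
    ok += block_args_ok(NULL, sizeof dst, src, sizeof src) == 0; /* no dst */
    return ok;
}
```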