[OT] NSA guidance on software security
Siarhei Siamashka
siarhei.siamashka at gmail.com
Sat Nov 12 09:40:34 UTC 2022
On Friday, 11 November 2022 at 16:10:56 UTC, bachmeier wrote:
> Your comment seems to miss the point. By declaring main @safe,
> you are ruling out various pieces of the language that are
> unsafe, which is exactly what you want if safety is the
> priority. You are arguing instead that @safe doesn't work
> because it prevents you from doing something that is
> potentially unsafe.
My comment is precisely on point and you just seem to be unable
to see a bigger picture.
NSA is just providing a general safety recommendation. Similar to
how some sort of health organization would generally recommend
to eat more vegetables. Or wear a mask in public places, become
vaccinated against COVID. Such a health organization may list a few
COVID-safe countries as an example. Suddenly the residents of
country D are upset that their country is not listed as an
example of a COVID-safe country. Now looking at the facts, nobody
wears a mask in country D (they are arguing that masks are less
important than vaccination so it's okay). Also vaccination is
available as a free option for any D resident, but it is not
being promoted or enforced. Why won't that damn health
organization add country D to the list of examples of COVID-safe
places in their newsletter? Must be a conspiracy.
Continuing that health organization allegory. One D resident
argues that if I care about my personal safety, then I should
just become vaccinated myself and everything will be fine. No,
this is not fine! And this person just turns a blind eye to a
bunch of unvaccinated people roaming in public places and
spreading infection in the ecosystem of country D. These other
unvaccinated people make me less safe in the D community
regardless of my own personal safety countermeasures. Oh, and
these people don't wear masks either.
If it's too tricky to decipher, then here are some hints:
vaccination => @safe attribute
masks => arithmetic overflows checking
D country => D language
health organization => NSA
D resident => bachmeier
My point is that as long as the @safe attribute is not used by
default (with a way to opt out by overriding it), very few dub
package authors and even Phobos authors care about safety and
@safe attribute compatibility. The quality of their code also
affects the safety of the others in the D ecosystem.
What's up with the standard `readln` function being incompatible
with @safe? This is not even a new discovery, and nothing was done
about it for years:
https://forum.dlang.org/post/eaoezjlolelmnxptlqzy@forum.dlang.org
Also why do people even have to write things like
https://forum.dlang.org/thread/ilhighccvpjzbblwyqlu@forum.dlang.org about avoiding raw pointers and malloc? Just be @safe and the compiler will complain about potentially dangerous things.
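To make the mechanism argued for above concrete, here is an added D example (not code from this post, the linked threads, or Phobos; the function names are constructed for the illustration). It shows a module that opts into @safe as its default, confines raw pointers and malloc behind an explicit @system/@trusted boundary so the compiler rejects them anywhere else, and uses std.checkedint's Throw hook for the arithmetic overflow checking that D leaves opt-in:

```d
// Added example, not from the post or from Phobos: a module that opts into
// @safe by default and marks its unsafe pieces explicitly.
@safe:

import core.stdc.stdlib : free, malloc;
import std.checkedint : checked, Throw;
import std.stdio : writeln;

// Under @safe the compiler rejects this kind of code outright:
//   int* p = cast(int*) malloc(16);   // Error: cannot call @system function 'malloc'
//   int v = *(p + 1);                 // Error: pointer arithmetic not allowed in @safe code
// so the raw-memory part is confined to one @system function (explicit opt-out).
@system int* allocInts(size_t n)
{
    return cast(int*) malloc(n * int.sizeof);
}

// @trusted is the reviewed boundary: it hands @safe code a bounds-checked slice
// instead of a bare pointer, so the length is fixed here and nowhere else.
@trusted int[] makeInts(size_t n)
{
    int* p = allocInts(n);
    assert(p !is null, "malloc failed");
    int[] a = p[0 .. n];
    a[] = 1;           // initialise so the sum is well-defined
    return a;
}

@trusted void freeInts(int[] a)
{
    free(a.ptr);
}

// Ordinary @safe code: no pointers, and slice indexing is bounds-checked.
int safeSum(const int[] a)
{
    int s = 0;
    foreach (x; a)
        s += x;
    return s;
}

// The "masks" part of the post: arithmetic overflow checking is opt-in in D,
// here via std.checkedint's Throw hook rather than silent wraparound.
int addChecked(int a, int b)
{
    auto x = checked!Throw(a);
    x += b;            // throws Throw.CheckFailure on overflow instead of wrapping
    return x.get;
}

void main()
{
    int[] a = makeInts(4);
    scope (exit) freeInts(a);
    writeln("sum = ", safeSum(a));
    writeln(addChecked(1, 2));
    try
        writeln(addChecked(int.max, 1));
    catch (Exception e)
        writeln("overflow caught: ", e.msg);
}
```

Moving the @safe: line away, or calling allocInts directly from main, is enough to see the compiler errors quoted in the comments; that is the "compiler will complain about potentially dangerous things" behaviour the post refers to, and the @trusted functions are the only places a reviewer has to read by hand.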