On Mon, Jul 16, 2018 at 02:36:17PM +0200, Dashamir Hoxha wrote: > On Mon, Jul 16, 2018 at 2:21 PM Holger Levsen <[1]hol...@layer-acht.org> > wrote: > > On Sun, Jul 15, 2018 at 12:41:36PM +0200, Carsten Schoenert wrote: > > Hmm, do you have tried to validate your shell code? > > [2]https://www.shellcheck.net/ > > I just pasted > > [3]https://raw.githubusercontent.com/dashohoxha/pw/master/src/pw.sh > into > > and got quite a lot of problematic remarks. > > I've also done this now and must say/add "ouch": > > I have already answered this. Only one of the suggestions might be useful. > If everything was clean, according to shellcheck, this wouldn't mean at > all > that the program is safe and secure and takes care of all the cases. > I know what is going on in my program better than the mindless shellcheck. > I've been following this thread and it is very difficult for me to understand why constructive criticism from others is so difficult for you to accept.
In general, the community of Debian Developers is very concerned with producing a high quality distribution and also with supporting free software development. The fact that some have taken the time and interest to critique your work is very positive. Yet, you choose to perceive their critiques as an attack and then launch your own counter-attack. I don't mean to lecture, but your responses to several of the messages in this thread indicate that you are likely a younger/junior developer. That is not intended to be disparraging, but rather I am trying to understand the reason for the way in which you have responded in this thread. In my own case, I know that my attitude in response to critique was much like yours, when I was still a young developer who thought he knew it all. Over the years, though, I have come to understand that I know far less than I thought I knew when I was younger. That is, the world of programming knowledge far larger than I originally understood it to be. Even now, as a very experienced and senior developer, I frequently seek the advice and review of colleagues whenever I make significant changes to existing code, write new code, etc. I can tell you that I am a far better and more productive developer as a result. Another thing which seems to indicate that you are not particularly mature as a developer is the manner in which you quickly dismiss the results of static analysis. Certainly, there are instances where the tools do not fully understand the meaning of your code and provide false alarms. However, I have come to realize that static analysis is right for more than it is wrong. So, I have adopted the position that unless I can clearly articulate a good reason why the static analysis is wrong and my approach is better (and defend that reason to other programmers more senior than myself), I defer to the tool and fix the code. I do this in several programming languages. Additionally, the argument that you make, "If everything was clean, according to shellcheck, this wouldn't mean at all that the program is safe and secure and takes care of all the cases," is totally invalid. The fact that the tool fails to catch everything is not justification to automatically reject the things that it does catch. If the tool is consistently wrong, contact the developer of the tool with a sample of your code that you think the tool is incorrectly flagging, and convince the tool developer (using a technical and supported argument) why the tool should be updated. Your discussion with the tool developer might reveal to you that there is a defect in your own code that you did not understand. I encourage you, for your own benefit to accept the criticism from myself and others in the spirit in which it was intended: to help you produce a better free software tool and to improve as a developer. Regards, -Roberto -- Roberto C. Sánchez