DemesneGH commented on PR #278: URL: https://github.com/apache/teaclave-trustzone-sdk/pull/278#issuecomment-3906077920
I believe the Rust SDK should provide primitives that are as safe as possible. In our context, checking capacity, copying data, and updating the size should be treated as a single atomic operation to maintain consistency. Decoupling them only creates more opportunities for logic bugs (like forgetting to update the size) and leads to redundant error handling.

> ~what if someone _doesn't_ want to update the capacity?~

I cannot think of a valid use case for skipping the update... If the capacity is insufficient, why not update the capacity to inform the client?

> maybe we _should_ just always ensure capacity and set updated size when doing copy_from?

It also makes sense to me. To keep the API explicit, we may need a more descriptive name than just copy_from to indicate it handles the full lifecycle (check, copy, and size update).

----

Also requesting feedback from @ivila for this API design (once he is available). Since we are heading into the Chinese New Year holiday, our responses will be slower than usual. Thanks for your patience!
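As an added illustration of the single-operation design argued for in the comment above (example code written for this note, not the teaclave-trustzone-sdk's own API; `OutMemref`, `copy_from_checked`, `CopyError` and the helper names are hypothetical): the checked path sets the reported size to the required length on a short buffer so the client knows what to allocate, while a caller written against decoupled primitives can silently forget the size update.

```rust
/// Error for the single-step copy. On `ShortBuffer` the parameter's reported
/// size has already been set to `required`, so the client can retry larger.
#[derive(Debug, PartialEq, Eq)]
pub enum CopyError {
    ShortBuffer { required: usize },
}

/// Hypothetical output buffer parameter: a fixed-capacity backing store plus
/// the size the callee reports back to the client.
pub struct OutMemref {
    buf: Vec<u8>, // backing store; buf.len() is the capacity
    size: usize,  // bytes reported back to the client
}

impl OutMemref {
    pub fn with_capacity(cap: usize) -> Self {
        OutMemref { buf: vec![0u8; cap], size: 0 }
    }
    pub fn capacity(&self) -> usize { self.buf.len() }
    pub fn size(&self) -> usize { self.size }
    /// Bytes the client will read back: reported size, clamped to capacity.
    pub fn written(&self) -> &[u8] { &self.buf[..self.size.min(self.buf.len())] }

    // --- Decoupled primitives (the design the comment argues against) ---
    /// Copies only; the caller must have checked capacity and must remember
    /// to call `set_size` afterwards.
    pub fn raw_copy(&mut self, src: &[u8]) { self.buf[..src.len()].copy_from_slice(src); }
    pub fn set_size(&mut self, n: usize) { self.size = n; }

    // --- Single-step API: check, copy, and size update together ---
    /// If `src` does not fit, nothing is copied and the reported size is set
    /// to the required length (the "short buffer" signal to the client).
    pub fn copy_from_checked(&mut self, src: &[u8]) -> Result<usize, CopyError> {
        if src.len() > self.capacity() {
            self.size = src.len();
            return Err(CopyError::ShortBuffer { required: src.len() });
        }
        self.buf[..src.len()].copy_from_slice(src);
        self.size = src.len();
        Ok(src.len())
    }
}

/// Caller code against the decoupled primitives that checks and copies but
/// forgets `set_size`: the client reads back a zero-length result.
pub fn decoupled_write_forgetting_size(p: &mut OutMemref, src: &[u8]) {
    if src.len() <= p.capacity() {
        p.raw_copy(src);
        // p.set_size(src.len()) omitted: the logic bug the comment warns about
    }
}
```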
