On Fri, Jan 11, 2019 at 9:33 AM Eric S. Raymond <e...@thyrsus.com> wrote:
> Thomas Bushnell, BSG <tbushn...@google.com>:
> > Suppose it has a way, however. Now you have Go code which will have a
> > bounds fault instead of a data leak. That's better, I suppose - the
> > resulting bug is now "the server crashes" instead of "the server maybe
> > leaks a key". This is an improvement, but a packet-of-death across a widely
> > used library this puts the world in a not dissimilar position in terms of
> > the level of panic and rapid response everybody needs.
>
> The difference is that an overt bug will elicit a fast fix.

Was the Heartbleed fix particularly delayed? It seemed to me to be all-hands-on-deck.

Also, this isn't part of your argument in the past; I would encourage you to make it explicitly, rather than treating it as a matter of "by transpiling we'll eliminate this category of security flaw". If the story is actually "we'll make the bugs more visible and people will panic sooner, resulting in a faster fix", that's a different argument, and I'd encourage making it explicitly instead of implicitly.

Thomas

--
memegen delenda est
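The "bounds fault instead of a data leak" case discussed in this thread, as an added Go example that is not code from the thread or from any project it mentions. The function names and the sample buffer are hypothetical; it also goes one step past the thread by showing that Go checks a slice expression against capacity, not length, so a reused receive buffer can still hand back stale bytes without any panic.

```go
package main

import (
	"errors"
	"fmt"
)

// echoUnchecked trusts the length claimed in the request, as a Heartbleed-style
// handler would. Go checks payload[:claimed] against cap(payload), not len.
func echoUnchecked(payload []byte, claimed int) []byte {
	return append([]byte(nil), payload[:claimed]...)
}

// echoChecked rejects any claim longer than the bytes actually received.
func echoChecked(payload []byte, claimed int) ([]byte, error) {
	if claimed < 0 || claimed > len(payload) {
		return nil, errors.New("heartbeat: claimed length exceeds payload")
	}
	return append([]byte(nil), payload[:claimed]...), nil
}

// crashes reports whether f panics, standing in for "the server crashes".
func crashes(f func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	f()
	return false
}

func main() {
	// Constructed sample: a 16-byte reused buffer whose first 4 bytes are the
	// new request and whose remaining 12 bytes are left over from earlier use.
	buf := make([]byte, 16)
	copy(buf, "pingSTALE-SECRET")
	shared := buf[:4]  // len 4, cap 16
	exact := buf[:4:4] // len 4, cap 4 (capacity clamped)

	fmt.Printf("within cap:  %q\n", echoUnchecked(shared, 16)) // stale bytes returned
	fmt.Println("beyond cap: ", crashes(func() { echoUnchecked(shared, 17) }))
	fmt.Println("clamped cap:", crashes(func() { echoUnchecked(exact, 16) }))
	_, err := echoChecked(shared, 16)
	fmt.Println("checked:    ", err)
}
```

Only the explicit length check turns the oversized claim into an ordinary error rather than a leak or a crash.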