2015-03-06 9:58 GMT+01:00 Raf Czlonka <rczlo...@gmail.com>:
> On Fri, Mar 06, 2015 at 02:13:59AM GMT, Theo de Raadt wrote:
>
>> >On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
>> >> >Ingo,
>> >> >
>> >> >On Mar 05 18:11:31, schwa...@usta.de wrote:
>> >> >> By the way, lynx(1) removal doesn't really hurt that much.
>> >> >> Rotten code that will hurt more when it will finally be deleted
>> >> >> includes, for example, the sqlite3(1) library and file(1).
>> >> >
>> >> >can you please elaborate on what's rotten in sqlite?
>> >>
>> >> Jan, can you please start from the other end, and provide evidence
>> >> that the code is of the highest possible quality?
>> >
>> >Hi Theo,
>> >
>> >Based on the above, Jan hadn't made any such claims so no evidence is
>> >required. He only asked Ingo to support *his* claim - more info, for
>> >mere reference, if nothing else, would be greatly appreciated. :^)
>>
>> Please run something else.  You'll be happier.  Really.  You don't
>> need code-fussy people around you.
>
> I'm not unhappy with SQLite, so would genuinely like to know what's so
> bad about it - it seems Jan would too. Neither Marc nor Stefan consider
> SQLite *that* badly rotten - Ingo does. Jan would like to get more
> information about it and so would I.
>
> If someone makes a claim, it's only fair to ask them to support it with
> examples. Now, to jump ahead of your next reply - neither Jan nor myself
> made any claims.
>

I believe Theo already said what's wrong with SQLite. His words were
"The code uses risk-prone idioms." if I'm not mistaken.

A lot of the arguments advanced to keep lynx were basically "don't act
unless there is a security issue". From what I see, OpenBSD devs act against
code which might be a source of issues. That's why there are so few vulnerabilities
in base. The bad code was already gone when those are found in other OSes.

By the way, is there a list of common risk-prone idioms?

-- 

Regards, Coues Ludovic
+336 148 743 42
