> That being said:
> It seems to me that the quoted text in your message suggests to me that
> Ingo was asking for specifics about the quality of sqlite.  That seems
> like a reasonable request to me.

Discussing something does not change it.

A review of libsqlite source code will demonstrate that it is written
using many old practices of coping with "older systems".  Many of the
same techniques that caused unnecessary risk in OpenSSL.  I'm not
bringing up OpenSSL for drama.  When software uses many practices to
support .01% of users, the other 99.9% of users accumulate those risks
too.  Those kinds of coding practices are widespread in many
codebases, which sometimes have unfortunately risen to the top of the
pack of choice.  Unfortunately many such projects lack developer
bandwidth or initiative for re-evaluation and moving to newer
practices.  This is not a condemnation, just an observation.

In general OpenBSD has avoided such upstream software packages.
Another example here is unbound and nsd, which do not use the kernel
random-port selection mechanism.  Instead, it uses a portable method
for random port selection, which comes with some significant
downsides.  Upstream software sometimes comes with downsides.  Can't
help it, and often we fork.

But this really is not a mailing list of people who read the actual
source code, is it...  so what was the discussion about again?  Simple
"I want something you don't give me" rage?
