On 7/30/2018 11:12 AM, Michael Wojcik wrote: > As for Jordan's objection: If you don't know the source of your > "leaks", then I can't say I'm particularly impressed with a > zero-"leak" policy. That amounts to "let's burn a lot of cycles during > process termination, rather than understand what we're doing".
*Fully* understanding the implications of a bug can be quite difficult. Often it is much easier to observe that there is a clear bug, fix it, and move along. Are there cases where this particular leak is a problem? Just because the developer can't think of any doesn't mean that there are none. Is it better to spend developer effort proving that a particular leak is harmless, or fixing it? And that doesn't consider the cost to the *next* developer, who runs a leak test, finds a dozen leaks, and then needs to research each one to be sure that it isn't a result of their change. -- Jordan Brown, Oracle Solaris
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users