This might be of interest on security grounds:
http://www.amazon.com/Secure-Coding-Robert-C-Seacord/dp/0321335724

On 9/15/2010 6:46 AM, Dr. David Kirkby wrote:
On 09/15/10 06:17 AM, Minh Nguyen wrote:

I'm disheartened that this happened. One should not modify upstream
source, but place patches against upstream source under the directory
patch/.

I think you mean "patches". I did notice a "patch" directory in Cliquer, but

http://www.sagemath.org/doc/developer/patching_spkgs.html#overview-of-patching-spkg-s

says "patches". That's a minor point though.

I worked on getting Cliquer to build as a shared library on Cygwin,
Linux, Mac OS X and Solaris (t2.math). I take your comments as an
encouragement for me (or anyone) to further investigate how to polish
up the Cliquer spkg. In my programming work, I have been following
advice from E. S. Raymond's book "The Art of Unix Programming" [1] and
D. A. Wheeler's book "Secure Programming for Linux and Unix HOWTO --
Creating Secure Software" [2]. I hope you would continue to share your
thoughts, as you have generously done, on good programming practices so
that contributors to the Sage community can benefit from your
experience.

Clearly, Minh, you take the time to read up on what are considered good practices, but your attention to such issues is not universal among Sage developers.

#1 seems pretty useful for all Sage developers to read.

#2 is a bit less so, though clearly anyone dealing with the notebook should look at #2.

IMHO, the notebook is very bad from a security point of view, but I have some sympathy for William over that. He probably never expected to get a large number of people using one sage server, so security was not high on his priority list.

It's a shame there are not any decent books online about best practices in software engineering. Whatever I've found tends to be in expensive books.

[1] http://catb.org/~esr/writings/taoup/html/

[2] http://www.dwheeler.com/secure-programs/

[3] http://en.wikipedia.org/wiki/Clique_(graph_theory)



--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to 
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
