On Sun, 2007-05-20 at 11:56 +0200, Alex Riesen wrote:
> Timo Sirainen, Sun, May 20, 2007 04:25:42 +0200:
> > ---
> > commit.c | 30 +++++++++++++-----------------
> > local-fetch.c | 34 ++++++++++++++++------------------
> > 2 files changed, 29 insertions(+), 35 deletions(-)
>
> I find it hard to believe that it actually was a cleanup.
>
> It is a nicer code, but... it is bigger, heavier on stack, and it does
> not actually fix anything.
>
> In my experience, such changes are seldom worth the effort. It may be
> a nice code (and I actually like str.[hc]), but its use _must_ be
> justified. I.e. it must simplify a complex formatting routine, or fix
> a bug, which otherwise would be too hard or ugly to fix. It is
> definitely not the case in this patch.

In my own projects security is the highest priority and it justifies pretty much all changes. I've done several large changes that change thousands of lines of code just because it makes it a bit easier to verify the code's safety/correctness.

I realize that other projects may not want to use all of the tricks that I'm using in my C code (type safe dynamic arrays, type safe context pointer in callback functions, etc.), but I was hoping that at least the libc string handling functions would never be used in a large project anymore. Using them makes it extremely time consuming to verify the code's safety, and at least I try to avoid software if I can't do that.