On Wed, Feb 07, 2024 at 09:29:00PM -0800, Junio C Hamano wrote:

> Junio C Hamano <gitster@xxxxxxxxx> writes:
>
> > We could do belt and suspenders by tightening the other callers to
> > only expect negative for errors (but then what should they do when
> > they receive non-zero positive?  Should they BUG() out???) while
> > teaching sign_buffer_ssh() that our convention is to return negative
> > for an error, of course, but I am not sure if that is worth it.
>
> Actually, we could loosen the caller(s) while tightening the
> callee(s), which is the more usual approach we would take in a
> situation like this.  Here is what I am tempted to pile on top of
> the patch.
>
> ----- >8 --------- >8 --------- >8 --------- >8 --------- >8 -----
> Subject: [PATCH] ssh signing: signal an error with a negative return value
>
> The other backend for the sign_buffer() function followed our usual
> "an error is signalled with a negative return" convention, but the
> SSH signer did not.  Even though we already fixed the caller that
> assumed only a negative return value is an error, tighten the callee
> to signal an error with a negative return as well.  This way, the
> callees will be strict on what they produce, while the callers will
> be lenient in what they accept.

Yeah, I think that would possibly lead to fewer surprises and is worth
doing.

-Peff
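
The return-value mismatch discussed in this thread, as an added C sketch that is not part of the original message and is not git's code: every function name and the positive error value 1 are hypothetical. It shows a caller that only checks `< 0` going on to use an empty signature, and both fixes (lenient caller, tightened callee) catching the failure.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical signer backends (not git's code); fail != 0 simulates a failure. */
typedef int (*sign_fn)(char *sig, size_t n, int fail);

/* Breaks the convention: reports failure with a positive value (constructed: 1). */
static int sign_positive_on_error(char *sig, size_t n, int fail)
{
	if (fail)
		return 1;
	snprintf(sig, n, "SIG-OK");
	return 0;
}

/* Tightened callee: any failure becomes a negative return. */
static int sign_tightened(char *sig, size_t n, int fail)
{
	return sign_positive_on_error(sig, n, fail) ? -1 : 0;
}

/* Strict caller: only a negative return counts as an error.
 * Returns 1 if it went on to use sig, 0 if it aborted. */
static int caller_strict(sign_fn sign, int fail, char *sig, size_t n)
{
	sig[0] = '\0';
	return sign(sig, n, fail) < 0 ? 0 : 1;
}

/* Lenient caller: any non-zero return counts as an error. */
static int caller_lenient(sign_fn sign, int fail, char *sig, size_t n)
{
	sig[0] = '\0';
	return sign(sig, n, fail) ? 0 : 1;
}

int main(void)
{
	char sig[16];
	int used;

	used = caller_strict(sign_positive_on_error, 1, sig, sizeof(sig));
	printf("strict caller, loose callee:     used=%d sig='%s'\n", used, sig);
	used = caller_lenient(sign_positive_on_error, 1, sig, sizeof(sig));
	printf("lenient caller, loose callee:    used=%d sig='%s'\n", used, sig);
	used = caller_strict(sign_tightened, 1, sig, sizeof(sig));
	printf("strict caller, tightened callee: used=%d sig='%s'\n", used, sig);
	return 0;
}
```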