Beware of the Dijkstra phenomenon. The phenomenon is that immodular code seems more ``productive'' than heavily modularized code. You can read or write many more lines per hour of malloc(), strcpy(), free() than of unfamiliar high-level routines. Of course, the modular code ends up being _much_ smaller. It also lets you independently check the correctness of each module; this scales to arbitrarily large systems if the modules remain small. Adam Shostack writes: > we attempted to look at the qmail source. (.89 or .91 or so). Things have changed since then. For example, I documented most of the Sub-Standard C Library(tm) in 1997. > We were rarely sure when the code segments we were looking at > were considered security critical. Anything touching the user's mail is security-critical---maybe not from root's point of view, but certainly from the user's point of view. ---Dan Binary qmail distributions are allowed! http://pobox.com/~djb/qmail/dist.html
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:08:47 PDT