Boost :

Subject: Re: [boost] [xint] Boost.XInt formal review
From: Peter Dimov (pdimov_at_[hidden])
Date: 2011-03-12 09:42:58

• Next message: Chad Nelson: "Re: [boost] [design] policy based. Was: [XInt] Review"
• Previous message: Anders Dalvander: "[boost] [xint] Boost.XInt formal review"
• In reply to: Anders Dalvander: "[boost] [xint] Boost.XInt formal review"
• Next in thread: Jeffrey Lee Hellrung, Jr.: "Re: [boost] [xint] Boost.XInt formal review"

Anders Dalvander wrote:
> On 20:59, Chad Nelson wrote:
> > On Fri, 11 Mar 2011 11:28:25 -0600
> > Nevin Liber<nevin_at_[hidden]> wrote:
> >> This stuff is hard to get right. You are better off not implementing
> >> it.
> >
> > On the contrary. It's *because* it's hard to get right that it belongs
> > in a library.
>
> Yes, it belong in *a* library, but XInt is probably not the correct one.
>
> It should probably be done by the allocator, as someone suggested earlier.

I think that anyone serious about security will probably choose to implement
his own - the work required is the same as auditing an existing library, and
with xint, with its multitude of options that obscure the code to an extent,
it may be even less. The existing "secure" option may be better than
nothing, of course. On the other hand, it creates the famous "false sense of
security".

• Next message: Chad Nelson: "Re: [boost] [design] policy based. Was: [XInt] Review"
• Previous message: Anders Dalvander: "[boost] [xint] Boost.XInt formal review"
• In reply to: Anders Dalvander: "[boost] [xint] Boost.XInt formal review"
• Next in thread: Jeffrey Lee Hellrung, Jr.: "Re: [boost] [xint] Boost.XInt formal review"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk