[Asterisk-Dev] Is anyone thinking anymore?
Mike Coakley
mcoakley at ioumail.com
Mon Jul 26 08:44:45 MST 2004
All,
I've been watching this thread and while I have not contributed
anything to * YET, I'm going to add my 2 cents.
First... I've been a systems developer and systems analyst most of my
programming career (past 15 years professionally). Anyway... one thing
I find with a lot of Open Source software is that while a lot of
initial planning may have happened, once things are released into the
wild blue and all of the external influences start to get kicked in, things
go a little haywire.
What is trying to be discovered here is that due to the fact that there
are so many contributors to the code base there are varying levels of
development skills and therefore different threat levels to the code.
To me the best suggestion so far on the list was the creation of an
ast-strncopy routine. This (as in the OOP world) encapsulates the
knowledge of code security or the good coding practices and eliminates
the need for every coder to "remember" to code things properly. The
only thing a coder must remember now is to use the proper API which by
default is a requirement.
I want to emphasize that I haven't read through all the code YET and it
sounded like to me (someone earlier in the thread mentioned) that the
code was going through a review. During this review code should be
abstracted to simplify the code base and provide a richer API for
encapsulation of knowledge. This can only (a) make the code more secure
and (b) more self-documenting. The self documenting part is really
important not only for the obvious reasons but because as you create a
larger API set there is a longer ramp-up time on learning the system in
order to contribute code which as we all know is vital to Open Source
moving forward.
Sorry for the length... just have my analyst hat on and wheels were
spinning.
Mark et al., keep up the good work. Great system and enjoy using it
every day.
Mike
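
The wrapper idea raised in the message above, as an added example that is not part of the original post and not Asterisk's own code. The name `bounded_copy`, its return convention and the sample string are assumptions made for illustration; the point is that callers get termination and a truncation signal without having to remember the `strncpy` rules.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper: the name and return convention are assumptions.
 * Copies src into dst, writing at most size bytes including the NUL.
 * Returns 0 if src fit, 1 if it was truncated, -1 on bad arguments. */
int bounded_copy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (dst == NULL || size == 0)
        return -1;              /* nowhere to put even a terminator */
    if (src == NULL) {
        dst[0] = '\0';          /* leave dst a valid empty string */
        return -1;
    }
    for (i = 0; i + 1 < size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';              /* always terminated, unlike strncpy */
    return src[i] != '\0';      /* unread input left means truncation */
}

/* Shows the pitfall the wrapper hides: strncpy does not terminate dst
 * when src has size or more characters. Returns 1 if no NUL was written. */
int strncpy_left_unterminated(void)
{
    char buf[8];
    const char *src = "SIP/1234567890";   /* constructed sample input */

    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

int main(void)
{
    char buf[8];
    int truncated = bounded_copy(buf, "SIP/1234567890", sizeof(buf));

    printf("strncpy unterminated: %d\n", strncpy_left_unterminated());
    printf("bounded_copy: \"%s\" truncated=%d\n", buf, truncated);
    return 0;
}
```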