[Asterisk-Dev] Is anyone thinking anymore?
mcoakley at ioumail.com
Mon Jul 26 08:44:45 MST 2004
I've been watching this thread and while I have not contributed
anything to * YET, I'm going to add my 2 cents.
First... I've been a systems developer and systems analyst most of my
programming career (past 15 years professionally). Anyway... one thing
I find with a lot of Open Source software is that while a lot of
initial planning may have happened once things are released into the
wild blue and all of the external influences start get kicked in things
go a little haywire.
What is trying to be discovered here is that due to the fact that there
are so many contributors to the code base there are varying levels of
development skills and therefore different threat levels to the code.
To me the best suggestion so far on the list was the creation of an
ast-strncopy routine. This (as in the OOP world) encapsulates the
knowledge of code security or the good coding practices and eliminates
the need for every coder to "remember" to code things properly. The
only thing a coder must remember now is to use the proper API which by
default is a requirement.
I want to emphasize that I haven't read through all the code YET and it
sounded like to me (someone earlier in the thread mentioned) that the
code was going through a review. During this review code should be
abstracted to simplify the code base and provide a richer API for
encapsulation of knowledge. This can only (a) make the code more secure
and (b) more self-documenting. The self documenting part is really
important not only for the obvious reasons but because as you create a
larger API set there is a longer ramp-up time on learning the system in
order to contribute code which as we all know is vital to Open Source
Sorry for the length... just have my analyst hat on and wheels were
Mark et al keep up the good work. Great system and enjoy using it
More information about the asterisk-dev