"Secure coding" audit checkers and Kerberos
tlyu at MIT.EDU
Wed Oct 15 17:47:33 EDT 2008
Ken Raeburn <raeburn at MIT.EDU> writes:
> You could make similar, vague non-portability claims about sprintf;
> after all, "some old systems" returned char* instead of int, so you
> really can't use it portably, right? If we've got concrete data of
> modern systems (or at least systems people are still running, that
> otherwise provide the facilities we require) with particular problems,
> we can address them.
> At some point we need to just tell people to join the 21st^H^H^H^Hlate
> 90s and run something vaguely compliant with standards and with at
> least some attention to security.
Agreed. See also "Supported platforms" (which I am working on
clarifying). I think that our resources can be better spent on modern
and security-conscious platforms.
More information about the krbdev