"Secure coding" audit checkers and Kerberos

Tom Yu tlyu at MIT.EDU
Wed Oct 15 17:47:33 EDT 2008

Ken Raeburn <raeburn at MIT.EDU> writes:

> You could make similar, vague non-portability claims about sprintf;
> after all, "some old systems" returned char* instead of int, so you
> really can't use it portably, right?  If we've got concrete data of
> modern systems (or at least systems people are still running, that
> otherwise provide the facilities we require) with particular problems,
> we can address them.
> At some point we need to just tell people to join the 21st^H^H^H^Hlate
> 90s and run something vaguely compliant with standards and with at
> least some attention to security.

Agreed.  See also "Supported platforms" (which I am working on
clarifying).  I think that our resources can be better spent on modern
and security-conscious platforms.

More information about the krbdev mailing list