"Secure coding" audit checkers and Kerberos

Tom Yu tlyu at MIT.EDU
Thu Oct 16 10:02:39 EDT 2008

Ken Raeburn <raeburn at MIT.EDU> writes:

> On Oct 16, 2008, at 05:32, Simo Sorce wrote:
>> After almost 10 years from C99 avoiding it would be just absurd if you
>> ask me. If there are platforms that really can't cope with C99 after
>> 10
>> years I honestly think nobody should consider using them as a KDC
>> anyway.
> Sadly, C99 compliance often isn't complete or default, even now.  And
> the compiler options for enabling C99 compliance sometimes turn off OS
> extensions; we need some of those extensions, which often require
> other, additional options.  And they're not necessarily something that
> can easily be tested for automatically.

Ten years after C89 was published, compiler and library support were
incomplete on many platforms.  Likewise, almost ten years after C99
was published, compiler and library support for it are incomplete on
many platforms.  My experience is that compilers become conforming
well before libraries do.  For this reason can use new freestanding
language features before we use new library features.

> Still, probably the biggest reason we can't start relying on a bunch
> more C99 stuff in our libraries is the lack of support on Windows.

Specifically, I recall that the Visual Studio suite still lacks C99

More information about the krbdev mailing list