kragen@pobox.com
Wed, 12 Dec 2001 21:18:46 -0500 (EST)

Gary Lawrence Murphy writes:
> >>>>> "k" == kragen  <kragen@pobox.com> writes:
>     k> What test would I use to grant such a license?  I'd want to 
>     k> see evidence of at least four years of apprenticeship under 
>     k> a good hacker, competence in finding bugs in toy programs, 
>     k> and a record of published, widely-used, source-available 
>     k> software behind them.
> Like Eric Raymond ... and the critical buffer-overflow bug in 
> Fetchmail?

That's a perfect example --- having a paper trail of code like that is
a good way to judge someone's record at writing reliable software.  I
don't know the details of the fetchmail bug.

> Eric's about as qualified as you can get, yet if you depended on
> fetchmail for something critical, you'd better hire a fulltime
> watchman.  That doesn't detract from his skill; it's just a fact of
> our lives.

It may not detract from his skill, but it does suggest he isn't always
as careful as he should be.  Maybe he's more careful than most, or
maybe not.

> Someone hit the nail on the head, though, by saying that, when we
> write software, it is almost always used in scenarios for which it
> was never designed.

Was fetchmail being used in such a situation?