
  2. 4

    I don’t really understand why there’s a Gitbook for this. It doesn’t seem to contain anything that couldn’t simply be in the README on GitHub, and even the documentation isn’t in there…

    > Code is written according to the rules of the CERT C Coding Standard

    That said, it’s great to see a project that strictly adheres to these kinds of secure coding standards. We need more of this in the software development community, in general.

    1. 4

      > I don’t really understand why there’s a Gitbook for this. It doesn’t seem to contain anything that couldn’t simply be in the README on GitHub, and even the documentation isn’t in there…

      One important advantage over a github README is that this way it’s entirely independent from GitHub.

      Regarding the CERT C Coding Standard, I’d be curious to hear from the author what it means concretely. The last time it was discussed here, my impression was that guidelines were rather along the lines of “be careful about overflows and with null-terminated strings”.

      1. 5

        > One important advantage over a github README is that this way it’s entirely independent from GitHub.

        I don’t see the connection.

        There is no ‘GitHub README’. There is a readme file, which is included with libspng and hosted wherever it is hosted; if it happens to be on GitHub, then it will be there, but the readme is no more dependent on GitHub than the rest of the library.

        1. 2

          Agreed, I should revise my statement from

          > it’s great to see a project that strictly adheres to these kinds of secure coding standards

          to

          > it’s great to see a project with the goal of strictly adhering to these kinds of secure coding standards

          since I suppose we don’t know how closely the author follows the CERT, especially if the warnings are sometimes as vague as “don’t have a bug”.

          I still think it’s good that they’re trying to adhere to some standard. At least that gives the community surface area to critique. A project without guidelines is much harder to fix.
