Tyler Close writes:
>Monty reported this as well. I'm kind of stuck a bit here. Normally, I
>try to provide such documentation for the public APIs intended to be
>called by users of the library and don't for other classes. It's just
>a workload issue. Problem is, in a security review, it's almost like
>every class is public and needs to be well understood by the user
>(security reviewer).
OK, understood. I think in a security review I would have figured
it out. If I had gotten to this ValueWriter, it's probably because
I was looking at something that called it, and I think I would have
gotten a better sense of the intended use of this class.
>With the Prize and Milestone classes, I was working on a hypothesis
>that it might be possible to standardize different coding idioms that
>make it possible for a reviewer to understand code with much less
>documentation. Like pushing the ideas embodied in the Joe-E verifier
>further up the semantic stack. The Prize and Milestone classes are an
>admittedly modest start in that direction, but that was the idea. Seem
>plausible?
Sounds plausible, and I find the idea very appealing. I don't know
if we'll reach "much less documentation" but in some areas less
documentation might suffice.
_______________________________________________
e-lang mailing list
e-lang@...
http://www.eros-os.org/mailman/listinfo/e-lang
