comp.lang.ada
From: Jeff Carter <carter@innocon.com>
Subject: Re: packages and private parts
Date: 1997/02/10
Message-ID: <32FF4D8D.167EB0E7@innocon.com>
In-Reply-To: dewar.855326480@merv


Robert Dewar wrote:
> As for the "destroying safety and robustness issue", I think this is
> totally bogus.
> 
> The safety and robustness of a system depends on the integrity of
> the sources. If anyone can go changing sources then of course any
> guarantees on private part integrity are destroyed, and furthermore
> the user of the package has potentially no knowledge that it has
> been destroyed in this way. Clearly this is something that CM
> systems must protect against.

Except, of course, that anyone can write a child without changing
sources, but with the same effect. Putting the sources under CM doesn't
prevent this.

> Child packages are much safer. If you have a set of packages from
> a "great designer", and want to use them, then use them, do NOT
> use any suspicious non-official children! Remember that a program
> is only affected by the presence of child packages if it directly
> or indirectly with's these children.

How do you know which children are official and which are not? How do
you know whether a programmer has written and used an unauthorized child
that is not known to the rest of the system?

> Remember also that the integrity of private parts is always
> attackable using unchecked conversion. You expect to be able to
> defend against this with rules that limit the use of UC, so put
> into place appropriate rules that limit the use of child packages
> if you are concerned about this problem, and possibly enforce
> them with your CM package, if this is useful.

Unchecked_Conversion and overlays using an address clause are easy to
detect. Child packages are very difficult to detect.
-- 
Jeff Carter
Innovative Concepts, Inc.

Now go away, or I shall taunt you a second time.



