From: Georg Bauhaus
Date: Thu, 16 Sep 2010 22:53:32 +0200
Newsgroups: comp.lang.ada
Subject: Re: Securing type extensions
Message-ID: <4c9283cc$0$6977$9b4e6d93@newsspool4.arcor-online.net>

On 9/16/10 2:45 PM, Dmitry A. Kazakov wrote:

>> Party X made a library, L, of O-O types, abstract or not.
>> Party Y extends a type in L, say T
>>
>> I'm talking about how X and Y can trust each other before
>> X licenses the library and before Y writes an extension.
>
> They need not.

OK, each party to a legal contract may choose to not care about
the consequences of joining untrusted partners in software.
I trust they do care. This is why there is software evaluation.

>> What technical factors of a language's type extension mechanism
>> will likely make X and Y be more confident that nothing will
>> go wrong?
>
> None, not needed, impossible anyway.

Why does public key cryptography create confidence when
the encryption might fail to protect in some time/case/whatever,
since it can impossibly be known to be secure, i.e. may go wrong?

Yet you enumerate reassuring language facilities of Ada,
noting that static analysis frees you from all concerns?
Do I understand correctly?

If one approaches program semantics from the world outside
the sacred halls of formal illusion, there is a lot between
"program's semantics cannot be known" and "program will
basically function as intended". This is where lawyers,
sales people, engineers, support staff, and customers spend
a lot of their time. They give effective meaning to the
sentences. This is where trust is generated.

> If only signatures could make programs working...

The purpose of signatures put under a software contract is
to express something related to trust and mistrust.
Typically, there is a sentence like "we cannot be held
responsible for ... the usual stuff you have in software.
But otherwise, ...".

>> When you pay, or don't pay, this is easily measured.
>
> Measured what? Do you trust Microsoft?

Programmers trust Microsoft's Visual Studio to basically
function as they would expect, and to help them achieve
their programming goals. Less so the moment some IDE's
reputation is ruined because of poor quality, maybe.
The makers go out of business.

>> Psychology, politics, ambition and money are undoubtably parts of
>> SW engineering, steering the decisions. They are essential to
>> engineering in general.
>
> As a framework they are. That does not make them engineering.

Of course, if you define engineering to be tautologically
not anything but some idealized clean room acting by the book,
a standard to strive for, then whatever makes real engineers'
hands move cannot have an influence on their produce.

Do you mean the immaculate ideal of engineering, and not
the engineering we have, perhaps?

Georg