Re: Is the Documentation In a spec File Usually Enough For You ?

[AdaMagica <christ-usch.grein@t-online.de>]

Am Donnerstag, 18. Oktober 2018 19:29:16 UTC+2 schrieb Jeffrey R. Carter:
> On 10/18/18 11:06 AM, AdaMagica wrote:
> > Am Dienstag, 16. Oktober 2018 18:57:51 UTC+2 schrieb Jeffrey R. Carter:
> >>
> >> That the function returns the same password for the same inputs, and the
> >> passwords have all the desirable features for generated passwords:  they appear
> >> random, contain characters from all the major food groups, and give away nothing
> >> about the master password.
> > 
> > This is what I mean. There is no requirement defined for this operation. So how can I as a user know what I get? So you have to put this in the spec as a description. Then a user can make test to check whether the claims are true.
> 
> I'm not sure I agree. This is package Password_Generation, function Generate, a 
> service to generate passwords. I think that is clear from the code and needs no 
> further explanation. The description above is simply the definition of a good 
> generated password.
> 
> I don't think this spec should be a tutorial on password generation. Someone 
> looking at it wants to generate passwords, and should know why one generates 
> passwords and what the qualities of a good generated password are.

So just say WHAT it does, not HOW it does.

If you do not say that your code produces a good password, how can the user know he will get a good password? He must trust JC because he possibly knows him personally or because he uses other well defined and well written sw from him.

But I claim: In SW, there must be no such trust. JC may just have been being lazy in this case.

And I further claim there are tons of bad SW around. Just because a unit's name says XXX, there is no guarantee that it indeed does XXX.

If I were looking for password generators, I would not waste my time in trying some that don't claim to produce good ones; instead I'd pick one with such a claim and test it thoroughly.