From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 2002:a24:7907:: with SMTP id z7-v6mr1059403itc.4.1539885264006; Thu, 18 Oct 2018 10:54:24 -0700 (PDT) X-Received: by 2002:aca:7552:: with SMTP id q79-v6mr556219oic.1.1539885263846; Thu, 18 Oct 2018 10:54:23 -0700 (PDT) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!news.gegeweb.eu!gegeweb.org!usenet-fr.net!proxad.net!feeder1-2.proxad.net!209.85.166.215.MISMATCH!z5-v6no31835ite.0!news-out.google.com!n199-v6ni43itn.0!nntp.google.com!z5-v6no31832ite.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Thu, 18 Oct 2018 10:54:23 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=2003:c7:83d2:562e:9080:c00f:9918:9322; posting-account=rmHyLAoAAADSQmMWJF0a_815Fdd96RDf NNTP-Posting-Host: 2003:c7:83d2:562e:9080:c00f:9918:9322 References: <7fcdcc97-67e4-473b-abc4-cd0ecd4501ad@googlegroups.com> <8f6c0bfa-f7ed-4bee-a766-c786269f13a1@googlegroups.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <80e23f09-06ac-4112-9b7f-e765266a952d@googlegroups.com> Subject: Re: Is the Documentation In a spec File Usually Enough For You ? From: AdaMagica Injection-Date: Thu, 18 Oct 2018 17:54:23 +0000 Content-Type: text/plain; charset="UTF-8" Xref: reader02.eternal-september.org comp.lang.ada:54633 Date: 2018-10-18T10:54:23-07:00 List-Id: Am Donnerstag, 18. Oktober 2018 19:29:16 UTC+2 schrieb Jeffrey R. Carter: > On 10/18/18 11:06 AM, AdaMagica wrote: > > Am Dienstag, 16. Oktober 2018 18:57:51 UTC+2 schrieb Jeffrey R. Carter: > >> > >> That the function returns the same password for the same inputs, and the > >> passwords have all the desirable features for generated passwords: they appear > >> random, contain characters from all the major food groups, and give away nothing > >> about the master password. > > > > This is what I mean. There is no requirement defined for this operation. So how can I as a user know what I get? So you have to put this in the spec as a description. Then a user can make test to check whether the claims are true. > > I'm not sure I agree. This is package Password_Generation, function Generate, a > service to generate passwords. I think that is clear from the code and needs no > further explanation. The description above is simply the definition of a good > generated password. > > I don't think this spec should be a tutorial on password generation. Someone > looking at it wants to generate passwords, and should know why one generates > passwords and what the qualities of a good generated password are. So just say WHAT it does, not HOW it does. If you do not say that your code produces a good password, how can the user know he will get a good password? He must trust JC because he possibly knows him personally or because he uses other well defined and well written sw from him. But I claim: In SW, there must be no such trust. JC may just have been being lazy in this case. And I further claim there are tons of bad SW around. Just because a unit's name says XXX, there is no guarantee that it indeed does XXX. If I were looking for password generators, I would not waste my time in trying some that don't claim to produce good ones; instead I'd pick one with such a claim and test it thoroughly.