Vladimir Panteleev
Vladimir Panteleev
I think the implications of the possibility of security risks far outweigh the 4-byte cost of a counter variable.
Sorry if I was too terse or ambiguous. Here's the situation I'm thinking of: A program is generating random tokens (nonces or such) as part of a security protocol. It...
Yes. The protocol might not require that the token be generated from a cryptographically secure random source. As I already said, it might very well be just part of the...
> Then said protocol is as secure as this attack is feasible. If you can break it knowing the token then the protocol is broken. Computer security doesn't work that...
@GallaFrancesco Have a look at the project tester (Jenkins) - this change actually breaks existing D code out there.
Windows is the only non-POSIX system we care about. It doesn't look like Windows has native equivalents for `fdopendir` or `openat`. Here is the approach that Gnulib uses: - When...
> Would this require a PR to DRuntime? Improving our coverage of OS APIs is a worthwhile goal in itself.
OK, so, this is bad. The test failures indicate actual bugs in std.allocator code and unit tests. For example, in the case of FreeList failure, I wrote this program to...
> We have StatsCollector which we can use; either as it is or to build CheckingAllocator on top of it. Ah, okay, I guess we can check for double-frees just...
> I can have a stab at that in another PR. Looks like that wasn't trivial either, started a discussion here: https://issues.dlang.org/show_bug.cgi?id=18877