From mboxrd@z Thu Jan 1 00:00:00 1970
From: dekkzz78@gmail.com
Newsgroups: gmane.emacs.help
Subject: Re: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Fri, 29 Sep 2017 15:59:21 +0100
Message-ID: <20170929145921.GA5297@TP-x61s.localdomain>
References: <1b3bec6e-d4d5-37a7-ba54-49bd2d8281bd@yandex.com>
 <86k20qbcu9.fsf@zoho.com> <86o9q0a8zc.fsf@zoho.com> <87vak8rwcx.fsf@qcore>
 <87mv5is54g.fsf@qcore> <4d048ea0-5c54-f5ba-c903-78614480ac76@yandex.com>
 <83a81d8ylf.fsf@gnu.org>
To: help-gnu-emacs@gnu.org
In-Reply-To: <83a81d8ylf.fsf@gnu.org>
List-Id: Users list for the GNU Emacs text editor

On 09/29, Eli Zaretskii wrote:
>> From: Mario Castelán Castro
>> Date: Tue, 26 Sep 2017 09:46:46 -0500
>>
>> > "correct" means that the client (the people who required the software)
>> > says that the program fulfills his requirements. Sometimes you need to
>> > wait an infinite amount of time for obtaining client's approbation :-)
>>
>> The same answer applies: If a client either provides himself or accepts
>> a formula in formal logic as a description of his requirements, then
>> yes, we can prove that a program is correct according to this concept.
>>
>> If the client can not provide an *absolutely accurate* description (this
>> is necessarily a specification in formal logic) of what his requirements
>> are, then we can not assure the client that the program meets his
>> requirements. This is not a fault of the programmer, but of the client
>> for being vague about what his requirements are.
>
>Good luck finding many clients that can provide such a set of
>requirements.
>Most of the projects I deal with in my daytime job have
>to do with clients that cannot even provide _in_formal requirements,
>and depend on me and my team to do that for them.

Ouch - there's a project doomed from the start.

>> > […] We must provide what is requested from us, in
>> > terms of functionality, performance and cost […]
>>
>> Somebody has to take a decision between cheap software and reliable
>> software. Those are mutually exclusive.
>
>The world is not black-and-white, it's an infinite set of gray shades.
>If you are running a practical operation that needs to satisfy clients
>and be self-sustaining, you will have to choose one of those shades.
>You seem to be advocating the "reliable software" extreme, which,
>according to your definitions, is unreachable in any practical project
>of a large enough size. This is a kind of academic solution that does
>not translate well to any software engineering practices that lead to
>a delivery soon enough for clients to want to order your solutions.
>
>IOW, I'm firmly with Óscar here.
>
>> The predominating choice is cheap software. As evidence for this claim I
>> note the very high frequency of bug reports including security
>> vulnerabilities.

That's more to do with poor teaching & understanding of how to code securely.

>I think you are misinterpreting the reasons for those bugs and
>vulnerabilities. The real reasons are the tremendous complexity of
>software we are required to produce nowadays, and the respectively
>inadequate level of formal-proof technologies that prevent their use
>in large-scale projects.
>
>IOW, we are simply trying to solve problems that are in principle
>insoluble with the current technology. So what we get are solutions
>that are 90% reliable, and the rest are bugs and vulnerabilities.
>
>> I have spent already enough time addressing your misconceptions.
>> If you reply to this message with even more misconceptions, I will not
>> reply because I am unwilling to spend even more time explaining what you
>> should already know. It is *YOUR* task to make sure you know what you
>> are talking about (and you have failed so far), not mine!.
>
>Please consider dropping your arrogant style and allow that others
>come into this discussion with some level of experience and knowledge,
>which should be respected as valid, instead of discarding it. If you
>disregard engineering practices, then your pure science is not
>interesting, at least not to those who have practical problems to
>solve every day.