From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 1/1] gnu: Add acme-client. Date: Fri, 2 Sep 2016 14:58:27 -0400 Message-ID: <20160902185827.GA31989@jasmine> References: <57C9BE93.7090206@goebel-consult.de> <20160902185028.GB31756@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:57416) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bftg2-0006CO-SY for guix-devel@gnu.org; Fri, 02 Sep 2016 14:58:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bftfy-0007uh-Nr for guix-devel@gnu.org; Fri, 02 Sep 2016 14:58:57 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:52376) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bftfx-0007sb-HN for guix-devel@gnu.org; Fri, 02 Sep 2016 14:58:54 -0400 Content-Disposition: inline In-Reply-To: <20160902185028.GB31756@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Hartmut Goebel Cc: guix-devel@gnu.org On Fri, Sep 02, 2016 at 02:50:28PM -0400, Leo Famulari wrote: > > *shiver* Why would one implement this in an language like C, which is > > prone to buffer overflows, if there are implementations available in > > more secure languages? > > I wouldn't propose this package if it wasn't part of OpenBSD's base > system: > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/acme-client/ To clarify my statement, I think the OpenBSD project has a reputation for writing good C. Also they design software to fail safely, by designing privilege separation into their tools, inventing and using pledge(2), etc. This portable version of the software only gets some of those benefits, but it does get some of them. That's I didn't propose this package until I saw that it had been reviewed and adopted by OpenBSD.