Aleksey Bragin wrote:
'I read this code and it looked clean to me' line means that the committer
read the code, and assures all or some parts of the following:
1. The code doesn't match any reverse-engineered rules (as on
wiki page regarding Audit)
2. The code is publicly documented
3. The code has nothing to do with reverse engineering (has either
completely different implementation from the windows one - example
freeldr vs. ntldr/osloader, or doesn't have any counterpart in
windows at all).
Then why not describe it using one of the above reasons?
A note such as 'This code uses MSDN documented functions only' is clear and
useful.
A note saying 'I read this code and it looked clean to me' isn't and could
mean anything.
It gives a good base point for us to start our defence from.
We are not under attack. We are just doing some preventive measures.
I know. I said 'if the cleanliness of the code is ever questioned again'.
If that does happen, it could be in the form of an attack from an outside
company.
Having a better analysis as to why something was unlocked would be
advantageous if this situation ever arose.
This was all decided when we originally locked the code,
but no one has been following it.
arty, w3seek, me have been following these rules on the
possibly dirty code, so please don't speak for everyone.
I don't mean the auditing methods, I mean the lack of useful message.
I'm not accusing or judging anyone, I'm just trying to get a better
unlocking system in place.
As the code we audit gets closer to the border line of clean and dirty,
we're gonna need to ensure we don't leave messages like 'yep, looks ok to
me'.
I hope this mail isn't coming across to anyone as argumentative. It's
difficult to have a conversation over email without it sounding hostile. It
isn't meant that way :)
Ged.