[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Re: PSPIC error - "missing argument"

From: Larry Kollar
Subject: Re: [Groff] Re: PSPIC error - "missing argument"
Date: Sat, 15 Jun 2002 23:23:28 -0400

Bernd Warken <address@hidden> wrote:

> > > > > groff ... is full of subtle bugs.  Moreover, it is absolutely
> > > > > insecure (buffer-overflows).
> > > > 
> > > > Please tell us where.  Such things should be fixed ASAP.
> > > 
> > > Not now.  After the release.
> > 
> These bugs are not trivial.  Many global variables are not cleanly used.
> Most classes are not well designed.  It will be a lot of work....
> As a second point, security issues from the Secure-Programs-HOWTO are
> mandatory for a serious GNU package.  This will imply a heavy usage of
> classes.  This would be combined with Unicode integration, so that's a
> big deal, too.
> The greatest difficulty is the conservatism of the groff elders.
> Security in driving cars is a bit more complicated than with bicycles
> from the stone age.

I was following you until that last paragraph, then I got lost.
The "conservatism" part I partially understand (I think): there
are a lot of old documents out there that occasionally get brought
back into the light & reprinted (and possibly revised along the
way). That's a good thing; it sets text-based formatters apart
from commercial Word processors that won't read their own documents
from 2 or 3 revisions previous. I've not heard anyone advocate
limiting groff to an exact replica of ditroff -- long names, the
while construct, and numerous other extensions made that a lost
cause long ago anyway.

I'm also confused about the "stone age bicycle" comment. You said
(in essence) that security issues are less complicated for stone
age bicycles, but groff needs a lot of non-trivial work in this
department. I fully agree that groff isn't the bicycle -- indeed,
a couple of issues came up on the FrameMaker users' list this week
(automatic "continued" insertions and chapter-level table of
contents) that *roff has always been able to handle with the usual
tools. A Frame solution (at least for the "continued" insertions)
probably involves an external script -- not a bad thing in itself,
but it's a break in the workflow.

So what did that mean, anyway?

Larry Kollar   k o l l a r  at  a l l t e l . n e t
"Content creators are the engine that drives value in the
information life cycle."   -- Barry Schaeffer, on XML-Doc

reply via email to

[Prev in Thread] Current Thread [Next in Thread]