[Owasp-esapi-c++] Boost Library

David Anderson david.anderson at aspectsecurity.com
Mon Aug 8 02:55:18 EDT 2011


I feel your pain.

I just checked in some changes that seem to make the tests run correctly.  The custom validation logic still needs to be replaced with Boost::Test assertion macros.

Now, I'm not saying that I just took ownership of the Boost gear, but I would like to stay with Boost::Test until I see something better.  And yes, the documentation is lacking.  I found this page, in case it helps you:



-----Original Message-----
From: owasp-esapi-c++-bounces at lists.owasp.org on behalf of Jeffrey Walton
Sent: Sun 8/7/2011 7:42 AM
To: ESAPI C++ List
Subject: [Owasp-esapi-c++] Boost Library
Hi guys,

Don't take this personally, but I recommend yanking Boost (unless an
asset gets involved who is willing to take ownership of the Boost
gear). I've wasted too much time on trying to get the self test to
compile and run.

The library looks like C-ish to me due to all the macros - something I
would expect to see in Microsoft's MFC. I don't think I have ever seen
a macro used in Stroustrup's or Meyer's two books - The C++
Programming Language, Effective STL, and Effective C++, respectively.
Others have commented similarly.

I have found the documentation to lack clarity and cohesiveness, and
the author's link to sample projects are broken.

I'm finding its difficult to find answers (including through the
mailing list). The list is low volume, and when someone does answer,
its seems to be with the "it works for me" undertone.

Others seem to have had similar problems, and the author does not
appear to appreciate/understand that the documentation and samples
have room for improvement.

I'm also concerned that the malfunctioning test library will mean
folks *won't* write the tests at all. Lack of or incomplete testing
would be very bad territory to get into.

All things considered, this library looks like a potential sink that
could cost a lot in development time. I understand Boost is a
collection of separate projects, but I think past performance will be
indicative of future expectations. Its free software - you get what
you pay for.

Owasp-esapi-c++ mailing list
Owasp-esapi-c++ at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi-c++/attachments/20110808/156f83e8/attachment.html 

More information about the Owasp-esapi-c++ mailing list