[Owasp-esapi-c++] Boost Library

Jeffrey Walton noloader at gmail.com
Mon Aug 8 03:00:41 EDT 2011 

Hi David,

On Mon, Aug 8, 2011 at 2:55 AM, David Anderson
<david.anderson at aspectsecurity.com> wrote:
> I feel your pain.
>
> I just checked in some changes that seem to make the tests run correctly.  The custom validation logic still needs to be replaced with Boost::Test assertion macros.
OK. Very good.

Don't worry about getting the existing crypto tests to work. Its
monkey work, and I can take care of it.

> Now, I'm not saying that I just took ownership of the Boost gear,
Lol!!!! I'd run like hell, too.

> but I would like to stay with Boost::Test until I see something better.  And yes, the documentation is lacking.  I found this page, in case it helps you:
>
OK, thanks.

Jeff

> -----Original Message-----
> From: owasp-esapi-c++-bounces at lists.owasp.org on behalf of Jeffrey Walton
> Sent: Sun 8/7/2011 7:42 AM
> To: ESAPI C++ List
> Subject: [Owasp-esapi-c++] Boost Library
>
> Hi guys,
>
> Don't take this personally, but I recommend yanking Boost (unless an
> asset gets involved who is willing to take ownership of the Boost
> gear). I've wasted too much time on trying to get the self test to
> compile and run.
>
> The library looks like C-ish to me due to all the macros - something I
> would expect to see in Microsoft's MFC. I don't think I have ever seen
> a macro used in Stroustrup's or Meyer's two books - The C++
> Programming Language, Effective STL, and Effective C++, respectively.
> Others have commented similarly.
>
> I have found the documentation to lack clarity and cohesiveness, and
> the author's link to sample projects are broken.
>
> I'm finding its difficult to find answers (including through the
> mailing list). The list is low volume, and when someone does answer,
> its seems to be with the "it works for me" undertone.
>
> Others seem to have had similar problems, and the author does not
> appear to appreciate/understand that the documentation and samples
> have room for improvement.
>
> I'm also concerned that the malfunctioning test library will mean
> folks *won't* write the tests at all. Lack of or incomplete testing
> would be very bad territory to get into.
>
> All things considered, this library looks like a potential sink that
> could cost a lot in development time. I understand Boost is a
> collection of separate projects, but I think past performance will be
> indicative of future expectations. Its free software - you get what
> you pay for.
>
> Jeff
> _______________________________________________
> Owasp-esapi-c++ mailing list
> Owasp-esapi-c++ at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi-c++
>
>

More information about the Owasp-esapi-c++ mailing list