[Owasp-esapi-c++] Boost Library
noloader at gmail.com
Mon Aug 8 03:00:41 EDT 2011
On Mon, Aug 8, 2011 at 2:55 AM, David Anderson
<david.anderson at aspectsecurity.com> wrote:
> I feel your pain.
> I just checked in some changes that seem to make the tests run correctly. The custom validation logic still needs to be replaced with Boost::Test assertion macros.
OK. Very good.
Don't worry about getting the existing crypto tests to work. Its
monkey work, and I can take care of it.
> Now, I'm not saying that I just took ownership of the Boost gear,
Lol!!!! I'd run like hell, too.
> but I would like to stay with Boost::Test until I see something better. And yes, the documentation is lacking. I found this page, in case it helps you:
> -----Original Message-----
> From: owasp-esapi-c++-bounces at lists.owasp.org on behalf of Jeffrey Walton
> Sent: Sun 8/7/2011 7:42 AM
> To: ESAPI C++ List
> Subject: [Owasp-esapi-c++] Boost Library
> Hi guys,
> Don't take this personally, but I recommend yanking Boost (unless an
> asset gets involved who is willing to take ownership of the Boost
> gear). I've wasted too much time on trying to get the self test to
> compile and run.
> The library looks like C-ish to me due to all the macros - something I
> would expect to see in Microsoft's MFC. I don't think I have ever seen
> a macro used in Stroustrup's or Meyer's two books - The C++
> Programming Language, Effective STL, and Effective C++, respectively.
> Others have commented similarly.
> I have found the documentation to lack clarity and cohesiveness, and
> the author's link to sample projects are broken.
> I'm finding its difficult to find answers (including through the
> mailing list). The list is low volume, and when someone does answer,
> its seems to be with the "it works for me" undertone.
> Others seem to have had similar problems, and the author does not
> appear to appreciate/understand that the documentation and samples
> have room for improvement.
> I'm also concerned that the malfunctioning test library will mean
> folks *won't* write the tests at all. Lack of or incomplete testing
> would be very bad territory to get into.
> All things considered, this library looks like a potential sink that
> could cost a lot in development time. I understand Boost is a
> collection of separate projects, but I think past performance will be
> indicative of future expectations. Its free software - you get what
> you pay for.
> Owasp-esapi-c++ mailing list
> Owasp-esapi-c++ at lists.owasp.org
More information about the Owasp-esapi-c++