Anyway, the reality is we *don’t* use processes and pipes for important things, *because* they fail roughly like this. You can say “but error codes” all you want, we don’t do this with browsers or ssh or gzip or REPLs (hello, Jupyter) or anything else. Because this hits a wall.https://twitter.com/marcan42/status/996231278276919296 …
-
Show this thread
-
You can say it shouldn’t matter. But it really does. It’s nice to have Unix process management, it’s great to be able to lash things together with stringly types blobs, but eventually, we always move from pidgin to creole (to borrow phrasing from actual linguistics).
1 reply 0 retweets 8 likesShow this thread -
Replying to @dakami
So how are process exit codes different from shared library return codes different, exactly? What makes it more likely that a stupid user will not check the former but will check the latter? Your argument is valid, but *this bug* is not a good example against processes and pipes
2 replies 0 retweets 1 like -
Replying to @marcan42
No, that’s what you’re not getting. It really is the fragility of the interface that gets you the “It returns content by default, hope you’re smart enough to check the error code, what do you mean nothing did” surprise not surprised dynamic
2 replies 0 retweets 2 likes -
Arguably nobody wanted to add a —just-give-me-what-you-got command line (or —insecure).
1 reply 0 retweets 0 likes -
Replying to @dakami
This is a backwards compatibility argument. gpg was designed with streamability in mind. Sure, you could add an --unbuffered argument, but then you'd break many existing use cases. We both know "secure by default" choices are hard when your public interface is frozen.
2 replies 0 retweets 0 likes -
Replying to @marcan42
They are. You tend to get to reset expectations with a major rev, which we do everywhere else every so often. libssh2 didn’t always exist.
1 reply 0 retweets 2 likes -
Replying to @dakami
This is harder with commandline apps (especially ones as dedicated to backwards compat as gpg) because people don't tend to introduce "gpg2" style "new interface here" breaks. It's a bigger change than library sonames (where you can at least install both at once).
2 replies 0 retweets 0 likes -
But yes, would it be nice for gpg to have a different, more modern interface? Sure. I just don't think blaming this bug on that is fair or reasonable. Something to work towards perhaps, but not a Big Glaring Problem.
3 replies 0 retweets 1 like -
Details can look reasonable even if the whole fails terribly. In this case, the exit code in GnuPG is NOT a reliable indicator of operational success in GnuPG. Applications are supposed to look at the output of --status-fd and understand the stream of messages. It's too special.
1 reply 0 retweets 0 likes
Sure, but in this case *everything* was screaming bloody murder except for the fact that some junk plaintext was output. The exit code was failure. --status-fd outputs two failure messages. Who ignores all that and just takes stdout just because it's there?
-
-
GPGME does it right, but Enigmail doesn't use it! It calls GnuPG directly. And it's easy to miss, because there is a ton of other things to do before you can even think about obscure failure cases. Did I mention lack of test cases in the RFC and lack of interop test suite?
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.