Re: my worry about the recent libxml change
- From: Owen Taylor <otaylor redhat com>
- To: Daniel Veillard <veillard redhat com>
- Cc: gnome-hackers gnome org
- Subject: Re: my worry about the recent libxml change
- Date: 24 Mar 2001 14:43:17 -0500
Daniel,
I have to agree with Maciej here.
Once you've made a stable release of a library, then the proper
behavior of the library is not determined by what is correct, or
even what is documented, but by what is being used by the
applications out there.
This puts the burden on a library maintainer to try and make sure
people don't use things they aren't supposed to, before they
release:
- With documentation
- By making the library as strictly validating as possible
But you can't increase the strictness after you release. If you
release a SAX parser that allows non-closed end-tags, and people
start using it that way, you can't say later "but that isn't
valid XML, and this is an XML parser!" and change the library,
however true the statement is.
Now, you can, of course, augment the API to allow calls:
- "Strictly validate end tags for SAX"
- "Make sure that the internal encoding is always UTF-8"
But the default mode of operation HAS to be the one that is
compatible with the applications out there. Breaking existing
functioning apps is something to be done only under the most
extreme circumstances. (*)
Regards,
Owen
(*) Since someone is going to bring this up, yes, the checks I
added in GTK+-1.2.9 to catch people running GTK+ applications
setuid broke existing apps, and yes, I think I think that
was justified, since every such app that was reported broken
was a wide-open security hole.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]